Security
Headlines

Headlines Latest CVEs

Headline

GHSA-776f-qx25-q3cc: xml2js is vulnerable to prototype pollution

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.

1 year ago

xml2js is vulnerable to prototype pollution

High severity GitHub Reviewed Published Apr 5, 2023 to the GitHub Advisory Database • Updated Apr 7, 2023

Related news

CVE-2023-28955: Security Bulletin: Multiple security vulnerabilities affecting Watson Knowledge Catalog for IBM Cloud Pak for Data

IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 could allow an authenticated user send a specially crafted request that could cause a denial of service. IBM X-Force ID: 251704.

1 year ago

#vulnerability #dos #apache #nodejs #js #java #ssrf #vmware #auth #ibm #ssl

CVE-2023-0842: xml2js 0.4.23 - Prototype Pollution | Advisories | Fluid Attacks

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.

1 year ago

#vulnerability #linux #js #git #java #perl #pdf #auth

ghsa: Latest News

GHSA-pxg6-pf52-xh8x: cookie accepts cookie name, path, and domain with out of bounds characters

1 day ago

GHSA-q898-frwq-f3qp: Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS

1 day ago

GHSA-8xq9-g7ch-35hg: Parse Server's custom object ID allows to acquire role privileges

1 day ago

GHSA-8h22-6qwx-q4w9: OpenStack Ironic fails to verify checksums of supplied image_source URLs

1 day ago

GHSA-wwcp-26wc-3fxm: JSON-lib mishandles an unbalanced comment string

2 days ago