westonphillips / CheckmarxOnePOV

This repo will be used for Checkmarx ONE POV
MIT License

CVE-2023-0842 @ Npm-xml2js-0.4.23 #162

Open westonphillips opened 1 year ago

westonphillips commented 1 year ago

Vulnerable Package issue exists @ Npm-xml2js-0.4.23 in branch main

The xml2js in versions through 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the "__proto__" property to be edited.

Namespace: westonphillips
Repository: CheckmarxOnePOV
Repository Url: https://github.com/westonphillips/CheckmarxOnePOV
CxAST-Project: westonphillips/CheckmarxOnePOV
CxAST platform scan: 6a8170d0-38fa-4efc-81df-42628474102c
Branch: main
Application: CheckmarxOnePOV
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-1321


Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: LOW
Availability impact: LOW
Remediation Upgrade Recommendation: 0.5.0


References: Advisory