Leonidas-from-XIV/node-xml2js

Releases44

Frequency3 months 1 week

Last Release almost 3 years ago

Stars4.97K

XML to JavaScript object converter.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-0842 ↗	Apr 5, 2023Wednesday, 5 April 2023, 20:15	5.3 MEDIUM	—
xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.