PT-2023-3087 · Xml2Js · Xml2Js

Carlos Bello · Published 2023-04-05 · Updated 2026-06-09

CVE-2023-0842

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: xml2js versions prior to 0.5.0

Description: The issue is uncontrolled modification of object prototype attributes (prototype pollution) in xml2js, a library that converts XML documents into JavaScript objects. It can allow a remote attacker to edit properties of the __proto__ object. The vulnerability arises because the application does not properly validate incoming JSON keys, so the __proto__ property can be edited.

Recommendations: For xml2js versions prior to 0.5.0, update to version 0.5.0 or later. As a temporary workaround until the patch can be applied, restrict use of the __proto__ property in the affected application, and avoid passing unvalidated JSON keys to the affected API endpoints.
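To make the described key-validation gap concrete, here is an added example (not xml2js's own code, nor its 0.5.0 fix): a minimal element-tree-to-object builder standing in for a parser's assignment step, with the unvalidated form beside a hardened one. The element tree, its field names and the helper names are all constructed for this example.

```javascript
// Key names that resolve to the prototype chain rather than to own data.
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Element tree shape (constructed): { name, text?, children: [] }.
// Naive merge: when the element name already exists as a key on the target,
// the existing value is reused as the nested target. For '__proto__' that
// "existing value" is Object.prototype, so grandchildren land on every object.
function buildNaive(element, target = {}) {
  for (const child of element.children) {
    if (child.children.length === 0) {
      target[child.name] = child.text;
    } else {
      if (!(child.name in target)) target[child.name] = {};
      buildNaive(child, target[child.name]);
    }
  }
  return target;
}

// Hardened merge: drop names that address the prototype chain, test only own
// properties, and build prototype-less objects so no lookup reaches Object.prototype.
function buildSafe(element, target = Object.create(null)) {
  for (const child of element.children) {
    if (UNSAFE_KEYS.has(child.name)) continue; // drop (or throw, per policy)
    if (child.children.length === 0) {
      target[child.name] = child.text;
    } else {
      if (!Object.prototype.hasOwnProperty.call(target, child.name)) {
        target[child.name] = Object.create(null);
      }
      buildSafe(child, target[child.name]);
    }
  }
  return target;
}

// Constructed input, equivalent to the element tree of
// <root><__proto__><polluted>yes</polluted></__proto__><role>user</role></root>
const constructedTree = {
  name: 'root',
  children: [
    { name: '__proto__', children: [{ name: 'polluted', text: 'yes', children: [] }] },
    { name: 'role', text: 'user', children: [] },
  ],
};

// Runs the naive builder, records whether an unrelated object was affected,
// then removes the stray property so the process is left clean.
function demoNaivePollutes(tree) {
  buildNaive(tree);
  const leaked = ({}).polluted === 'yes';
  delete Object.prototype.polluted;
  return leaked;
}

// The hardened builder keeps the legitimate data and leaves Object.prototype untouched.
function demoSafeHolds(tree) {
  const out = buildSafe(tree);
  return ({}).polluted === undefined && out.role === 'user' && !('__proto__' in out);
}
```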

Weakness Enumeration

Prototype Pollution

Related Identifiers

BDU:2023-03176
CVE-2023-0842
DLA-3760-1
GHSA-776F-QX25-Q3CC

Affected Products

Xml2Js