debian · CVE-2023-0842

Quick triage

Priority: not yet assigned Published: Updated: Sun, 12 Jul 2026 15:01:28 GMT

View at Official debian advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2023-0842 not yet assigned priority: Debian including 1 source packages (node-xml2js), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.

Description:

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.

cvelogic Threat Intelligence