You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Vulnerable Package issue exists @ Npm-xml2js-0.4.23 in branch main
The xml2js in versions through 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the "proto" property to be edited.
Vulnerable Package issue exists @ Npm-xml2js-0.4.23 in branch main
The xml2js in versions through 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the "proto" property to be edited.
Namespace: westonphillips
Repository: CheckmarxOnePOV
Repository Url: https://github.com/westonphillips/CheckmarxOnePOV
CxAST-Project: westonphillips/CheckmarxOnePOV
CxAST platform scan: 6a8170d0-38fa-4efc-81df-42628474102c
Branch: main
Application: CheckmarxOnePOV
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-1321
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: LOW
Availability impact: LOW
Remediation Upgrade Recommendation: 0.5.0
References
Advisory
Advisory
The text was updated successfully, but these errors were encountered: