Version 0.6.2

xml2js

XML to JavaScript object converter.

Install Instructions

npm install xml2js
Current Version Release Date July 26, 2023
Language JavaScript/TypeScript
Package URL (purl) pkg:npm/xml2js@0.6.2

Find xml2js vulnerabilities in your supply chain.

Scan for Free

xml2js Vulnerabilities

Sort by
icon CVE (Latest)
  • icon CVE (Latest)
  • icon CVE (Oldest)
  • icon CVSS Score (Highest)
  • icon CVSS Score (Lowest)
CVE question mark icon CVSS Score question mark icon CWE(s) question mark icon EPSS Score question mark icon EPSS % question mark icon Impacted Versions
CVE-2023-0842 Medium 5.3 CWE-1321 0.00104 0.43825
  • 0.1.0–0.4.23

xml2js Vulnerability Remediation Guidance

CVE Description Full list of Impacted Versions Fix
CVE-2023-0842 xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited. 0.4.23, 0.2.3, 0.4.17, 0.4.12, 0.4.10, 0.4.11, 0.4.9, 0.4.8 (Show all) Minor → 0.5.0

Instantly see if these xml2js vulnerabilities affect your code.

Scan for Free