CVE-2023-26920

MEDIUM EPSS 63.0%
Published Dec 12, 2023 2y ago · Modified Jun 17, 2026 2w ago
6.5 CVSS 3.1
Medium

Description

fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution.

CVSS Details

Base Score
6.5
Exploitability
2.8
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
63.0% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-1321

Affected Products 1

Vendor               Product          Version  Range
naturalintelligence  fast_xml_parser  *        <4.1.2

References 3

  • gist.github.com https://gist.github.com/Sudistark/a5a45bd0804d522a1392cb5023aa7ef7
    Exploit
  • github.com https://github.com/NaturalIntelligence/fast-xml-parser/commit/2b032a4f799c63d83991e4f992f1c68e4dd05804
    Patch
  • github.com https://github.com/advisories/GHSA-793h-6f7r-6qvm
    Third Party Advisory

Remediation

  • github.com https://github.com/NaturalIntelligence/fast-xml-parser/commit/2b032a4f799c63d83991e4f992f1c68e4dd05804
    Patch