Snyk Medium Vulnerability: fast-xml-parser Regular Expression Denial of Service (ReDoS) #400
Assignees
Labels
I & A
Used for ESDIS I&A Sprint Review
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Introduced through
@aws-sdk/[email protected] and @aws-sdk/[email protected]
Fixed in
[email protected]
Exploit maturity
No known exploit
Show less detail
Detailed paths and remediation
Introduced through: [email protected] › @aws-sdk/[email protected] › [email protected]
Fix: Upgrade to @aws-sdk/[email protected]
Introduced through: [email protected] › @aws-sdk/[email protected] › @aws-sdk/[email protected] › [email protected]
Fix: Upgrade to @aws-sdk/[email protected]
Security information
Factors contributing to the scoring:
Snyk: CVSS v4.0 6.9 - Medium Severity | CVSS v3.1 5.3 - Medium Severity
NVD: Not available. NVD has not yet published its analysis.
Why are the scores different? Learn how Snyk evaluates vulnerability scores
Overview
fast-xml-parser is a Validate XML, Parse XML, Build XML without C/C++ based libraries
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in currency.js, which can be triggered by supplying excessively long strings such as '\t'.repeat(13337) + '.'
Note: The vulnerability is in the experimental "v5" functionality that is included in version 4.x during development, at the time of discovery.
Learn about this type of vulnerability
The text was updated successfully, but these errors were encountered: