Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in currency.js, which can be triggered by supplying excessively long strings such as '\t'.repeat(13337) + '.'
Note: The vulnerability is in the experimental "v5" functionality that is included in version 4.x during development, at the time of discovery.
Introduced through
@aws-sdk/[email protected] and @aws-sdk/[email protected]
Fixed in
[email protected]
Exploit maturity
No known exploit
Detailed paths and remediation
Introduced through: [email protected] › @aws-sdk/[email protected] › [email protected]
Fix: Upgrade to @aws-sdk/[email protected]
Introduced through: [email protected] › @aws-sdk/[email protected] › @aws-sdk/[email protected] › [email protected]
Fix: Upgrade to @aws-sdk/[email protected]
Security information
Factors contributing to the scoring:
Snyk: CVSS v4.0 6.9 - Medium Severity | CVSS v3.1 5.3 - Medium Severity
NVD: Not available. NVD has not yet published its analysis.
Overview
fast-xml-parser is a package to validate, parse and build XML without C/C++ based libraries.