CVE-2024-41818

Опубликовано: 29 июл. 2024

Источник: debian

Описание

fast-xml-parser is an open source, pure javascript xml parser. a ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1.

Пакет	Статус	Версия исправления	Релиз	Тип
node-webfont	not-affected			package

https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-mpg4-rc92-vx8v
Introduced with: https://github.com/NaturalIntelligence/fast-xml-parser/commit/ba5f35e7680468acd7906eaabb2f69e28ed8b2aa (v4.3.5)
Fixed by: https://github.com/NaturalIntelligence/fast-xml-parser/commit/d0bfe8a3a2813a185f39591bbef222212d856164 (v4.4.1)

CVE-2024-41818

CVSS3: 7.5

redhat

больше 1 года назад

fast-xml-parser is an open source, pure javascript xml parser. a ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1.

CVE-2024-41818

CVSS3: 7.5

nvd

больше 1 года назад

fast-xml-parser is an open source, pure javascript xml parser. a ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1.

GHSA-mpg4-rc92-vx8v

CVSS3: 7.5

github

больше 1 года назад

fast-xml-parser vulnerable to ReDOS at currency parsing