Описание
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities (<, >, &, ", ') with arbitrary values. This bypasses entity encoding and leads to XSS when parsed output is rendered. This vulnerability is fixed in 5.3.5.
A flaw was found in fast-xml-parser. A remote attacker can exploit this vulnerability by providing a specially crafted XML input. The system incorrectly interprets a dot in a DOCTYPE entity name as a regular expression wildcard during processing. This allows the attacker to bypass security measures and inject malicious scripts, resulting in Cross-Site Scripting (XSS) when the parsed output is displayed to users.
Отчет
This flaw has been assessed as IMPORTANT for Red Hat products. This vulnerability arises when the parsed XML output is subsequently rendered to users which requires the interaction of the user. The impact of this flaw is also limited to the user's browser context.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Migration Toolkit for Applications 8 | mta/mta-ui-rhel9 | Affected | ||
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-main-rhel8 | Affected | ||
| Red Hat Developer Hub | rhdh/rhdh-hub-rhel9 | Affected | ||
| Red Hat Openshift Data Foundation 4 | odf4/mcg-core-rhel9 | Affected | ||
| Red Hat Openshift Data Foundation 4 | odf4/ocs-client-console-rhel9 | Affected | ||
| Red Hat Openshift Data Foundation 4 | odf4/odf-console-rhel9 | Affected | ||
| Red Hat Openshift Data Foundation 4 | odf4/odf-multicluster-console-rhel9 | Not affected | ||
| Red Hat OpenShift GitOps | openshift-gitops-1/argocd-rhel8 | Affected | ||
| Red Hat OpenShift GitOps | openshift-gitops-1/argocd-rhel9 | Affected | ||
| Red Hat OpenShift Virtualization 4 | container-native-virtualization/kubevirt-console-plugin | Affected |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
7.1 High
CVSS3
Связанные уязвимости
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities (<, >, &, ", ') with arbitrary values. This bypasses entity encoding and leads to XSS when parsed output is rendered. This vulnerability is fixed in 5.3.5.
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities (<, >, &, ", ') with arbitrary values. This bypasses entity encoding and leads to XSS when parsed output is rendered. This vulnerability is fixed in 5.3.5.
fast-xml-parser allows users to validate XML, parse XML to JS object, ...
fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names
EPSS
7.1 High
CVSS3