Lucene search
GitHub_MCVE-2024-41818HistoryJul 29, 2024 - 4:15 p.m.
CVE-2024-41818
2024-07-2916:15:05
CWE-1333
GitHub_M
web.nvd.nist.gov
200
xml parser javascript redos currency.js vulnerability fix 4.4.1
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
21.9%
fast-xml-parser is an open source, pure javascript xml parser. a ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1.
Affected configurations
Node
fast-xml-parser_projectfast-xml-parserMatch4.2.4node.js
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fast-xml-parser_project | fast-xml-parser | 4.2.4 | cpe:2.3:a:fast-xml-parser_project:fast-xml-parser:4.2.4:*:*:*:*:node.js:*:* |
CNA Affected
[
{
"vendor": "NaturalIntelligence",
"product": "fast-xml-parser",
"versions": [
{
"version": "< 4.4.1",
"status": "affected"
}
]
}
]Related
nvd
nvd
CVE-2024-41818
2024-07-29 16:15:05
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2024-07-30 09:55:57
cvelist
cvelist
CVE-2024-41818
2024-07-29 15:56:38
ibm
ibm
osv
osv
CVE-2024-41818
2024-07-29 16:15:05
CGA-cr5v-98hj-38hr
2024-08-01 14:04:52
CGA-69jr-f6mf-38rf
2024-08-13 14:04:52
redhatcve
redhatcve
CVE-2024-41818
2024-07-31 08:19:34
wolfi
wolfi
CVE-2024-41818 vulnerabilities
2024-09-21 03:21:11
vulnrichment
vulnrichment
CVE-2024-41818
2024-07-29 15:56:38
github
github
fast-xml-parser vulnerable to ReDOS at currency parsing
2024-07-29 17:46:16
redhat
redhat
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
21.9%
Related for CVE-2024-41818