A flaw was found in fast-xml-parser. Affected versions are vulnerable to a regular expression denial of service (ReDoS) flaw in the Doctype Entities. By sending a specially crafted regex input, a remote attacker can cause a denial of service condition.
bugzilla.redhat.com/show_bug.cgi?id=2221261
github.com/NaturalIntelligence/fast-xml-parser/commit/39b0e050bb909e8499478657f84a3076e39ce76c
github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-6w63-h3fj-q4vw
nvd.nist.gov/vuln/detail/CVE-2023-34104
www.cve.org/CVERecord?id=CVE-2023-34104