Lucene search
Redhat.comRH:CVE-2023-34104HistoryJul 10, 2023 - 5:47 a.m.
CVE-2023-34104
2023-07-1005:47:31
redhat.com
access.redhat.com
7
0.001 Low
EPSS
Percentile
19.2%
A flaw was found in the fast-XML-parser. The affected versions of fast-XML-parser are vulnerable to a denial of service caused by a regular expression denial of service (ReDoS) flaw in the Doctype Entities. By sending a specially crafted regex input, a remote attacker can cause a denial of service condition.
References
bugzilla.redhat.com/show_bug.cgi?id=2221261
github.com/NaturalIntelligence/fast-xml-parser/commit/39b0e050bb909e8499478657f84a3076e39ce76c
github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-6w63-h3fj-q4vw
nvd.nist.gov/vuln/detail/CVE-2023-34104
www.cve.org/CVERecord?id=CVE-2023-34104
Related
osv
osv
CVE-2023-34104
2023-06-06 18:15:11
fast-xml-parser vulnerable to Regex Injection via Doctype Entities
2023-06-06 17:33:13
ibm
ibm
cvelist
cvelist
CVE-2023-34104 Regex Injection via Doctype Entities
2023-06-06 17:35:54
prion
prion
Code injection
2023-06-06 18:15:00
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2023-06-08 09:32:52
cve
cve
CVE-2023-34104
2023-06-06 18:15:11
github
github
fast-xml-parser vulnerable to Regex Injection via Doctype Entities
2023-06-06 17:33:13
debiancve
debiancve
CVE-2023-34104
2023-06-06 18:15:11
redhat
redhat