7 matches found
ROOT-APP-NPM-CVE-2026-33349 CVE-2026-33349 in @rootio/fast-xml-parser - Patched by Root
Root has patched CVE-2026-33349 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...
Security Bulletin: IBM Maximo Application Suite uses fast-xml-parser-5.5.5.tgz and requests-2.32.5-py3-none-any.whl, which are vulnerable to CVE-2026-33349 and CVE-2026-25645.
Summary IBM Maximo Application Suite uses fast-xml-parser-5.5.5.tgz and requests-2.32.5-py3-none-any.whl, which are vulnerable to CVE-2026-33349 and CVE-2026-25645. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-25645...
CVE-2026-33349
A flaw was found in fast-xml-parser. A remote attacker can exploit this vulnerability by providing specially crafted XML input to an application using the affected library. The DocTypeReader component incorrectly processes configuration limits for entity counts and sizes when these limits are...
CVE-2026-33349
fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...
UBUNTU-CVE-2026-33349
fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...
CVE-2026-33349
fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...
@activepieces/piece-amazon-s3 (>=0.5.4 <=0.5.9), @activepieces/piece-amazon-ses (>=0.0.1 <=0.1.3) +1174 more potentially affected by CVE-2026-33349 via fast-xml-parser (>=5.0.1 <=5.5.6)
fast-xml-parser NPM version =5.0.1, =0.5.4, =0.0.1, =0.2.0, =0.5.3, =0.2.1, =0.0.4, =13.1.4, =1.0.0, =1.9.12, =1.0.3, =1.1.31, =1.0.0, =1.4.3 and more Source cves: CVE-2026-33349 Source advisory: OSV:GHSA-JP2Q-39XQ-3W4G...