2 matches found
GHSA-GH4J-GQV2-49F6 fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters
fast-xml-parser XMLBuilder: Comment and CDATA Injection via Unescaped Delimiters. Summary: fast-xml-parser XMLBuilder does not escape the -- sequence in comment content or the sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection when user-controlled data...
ai.catboost:catboost-spark_2.11 (>=0.25-rc1 <=0.25-rc3), ai.catboost:catboost-spark_2.12 (>=0.25-rc1 <=0.25-rc3) +3092 more potentially affected by CVE-2014-125087 via com.jamesmurty.utils:java-xmlbuilder (>=0.3 <=1.1)
com.jamesmurty.utils:java-xmlbuilder MAVEN version =0.3, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =0.42.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.3 and more. Source CVEs: CVE-2014-125087. Source advisory: OSV:GHSA-3VRC-RRPW-R5PW...