Lucene search
K

4 matches found

OSV
OSV
added 2024/07/29 5:46 p.m.2 views

GHSA-MPG4-RC92-VX8V fast-xml-parser vulnerable to ReDOS at currency parsing

Summary A ReDOS that exists on currency.js was discovered by Gauss Security Labs R&D team. Details https://github.com/NaturalIntelligence/fast-xml-parser/blob/v4.4.0/src/v5/valueParsers/currency.jsL10 contains a vulnerable regex PoC pass the following string '\t'.repeat13337 + '.' Impact Denial o...

8.7CVSS5.9AI score0.00828EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2024/07/29 5:46 p.m.54 views

fast-xml-parser vulnerable to ReDOS at currency parsing

Summary A ReDOS that exists on currency.js was discovered by Gauss Security Labs R&D team. Details https://github.com/NaturalIntelligence/fast-xml-parser/blob/v4.4.0/src/v5/valueParsers/currency.jsL10 contains a vulnerable regex PoC pass the following string '\t'.repeat13337 + '.' Impact Denial o...

7.5CVSS7.4AI score0.00828EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2024/07/29 3:56 p.m.51 views

CVE-2024-41818 ReDOS at currency parsing fast-xml-parser

fast-xml-parser is an open source, pure javascript xml parser. a ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1...

7.5CVSS0.00828EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/07/29 12:0 a.m.7 views

PT-2024-29584

Name of the Vulnerable Software and Affected Versions fast-xml-parser versions prior to 4.4.1 Description A ReDOS issue exists in the currency.js component of the fast-xml-parser library, specifically affecting the experimental version 5. This issue can cause a denial of service during currency...

8.7CVSS6.8AI score0.00828EPSS
Exploits1References10
Rows per page
Query Builder