XML External Entity (XXE)
fast-xml-parser is vulnerable to XML External Entity XXE. The vulnerability is due to improper handling of a dot . in DOCTYPE entity names, which is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities and bypass entity encoding, thereby...