5 matches found
fast-xml-parser vulnerable to ReDOS at currency parsing
Summary: A ReDOS that exists on currency.js was discovered by Gauss Security Labs R&D team. Details: https://github.com/NaturalIntelligence/fast-xml-parser/blob/v4.4.0/src/v5/valueParsers/currency.js#L10 contains a vulnerable regex. PoC: pass the following string: '\t'.repeat(13337) + '.' Impact: Denial o...
PT-2024-29584
Name of the Vulnerable Software and Affected Versions: fast-xml-parser versions prior to 4.4.1. Description: A ReDOS issue exists in the currency.js component of the fast-xml-parser library, specifically affecting the experimental version 5. This issue can cause a denial of service during currency...
LangChain Security Breach
LangChain is used to build applications using LLMs through composability. A security vulnerability exists in LangChain langchain_experimental version 0.0.14, which originated from a vulnerability that allows attackers to bypass the CVE-2023-36258 fix and execute arbitrary code via PALChain in the...
Node.js: fs.mkdtemp() and fs.mkdtempSync() are missing getValidatedPath() checks.
A vulnerability was found in the fs.mkdtemp and fs.mkdtempSync functions in Node.js 20, which allowed malicious actors to bypass the permission model check and create arbitrary directories...
Raspberry Pi launches PIXEL OS for Mac and PCs
Here's the Raspberry Pi's Christmas treat for the tech community! The Raspberry Pi Foundation has released an experimental version of its lightweight Linux-based Debian operating system called PIXEL OS that can run on most standard desktop computers that ship with Windows and Mac OS X without the need of...