16 matches found
Stack Overflow
fast-xml-parser is vulnerable to stack overflow vulnerability. The vulnerability is due to improper handling in the XML builder when preserveOrder:true is enabled, which allows an attacker to trigger a stack overflow and crash the application by providing crafted input data...
GHSA-FJ3W-JWP8-X2G3 fast-xml-parser has stack overflow in XMLBuilder with preserveOrder
Impact Application crashes with stack overflow when user use XML builder with prserveOrder:true for following or similar input 'foo': 'bar': '@V': 'baz' Cause: arrToStr was not validating if the input is an array or a string and treating all non-array values as text content. What kind of...
EUVD-2026-8811
fast-xml-parser has stack overflow in XMLBuilder with preserveOrder...
fast-xml-parser has stack overflow in XMLBuilder with preserveOrder
Impact Application crashes with stack overflow when user use XML builder with prserveOrder:true for following or similar input 'foo': 'bar': '@V': 'baz' Cause: arrToStr was not validating if the input is an array or a string and treating all non-array values as text content. What kind of...
CVE-2026-27942
A flaw was found in fast-xml-parser. A user can exploit this flaw by processing specially crafted XML data with the XML builder when the preserveOrder option is enabled. This can lead to a stack overflow, causing the application to crash and resulting in a Denial of Service DoS. Mitigation To...
Buffer Overflow
Overview fast-xml-parser is a Validate XML, Parse XML, Build XML without C/C++ based libraries Affected versions of this package are vulnerable to Buffer Overflow via the XMLBuilder when preserveOrder:true is set. An attacker can cause the application to crash by providing specially crafted input...
Buffer Overflow
Overview org.webjars.npm:fast-xml-parser is a Validate XML, Parse XML, Build XML without C/C++ based libraries Affected versions of this package are vulnerable to Buffer Overflow via the XMLBuilder when preserveOrder:true is set. An attacker can cause the application to crash by providing special...
CVE-2026-27942
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when user use XML builder with preserveOrder:true. Version 5.3.8 fixes the issue. As...
DEBIAN-CVE-2026-27942
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when user use XML builder with preserveOrder:true. Version 5.3.8 fixes the issue. As...
UBUNTU-CVE-2026-27942
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when user use XML builder with preserveOrder:true. Version 5.3.8 fixes the issue. As...
CVE-2026-27942
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when user use XML builder with preserveOrder:true. Version 5.3.8 fixes the issue. As...
CVE-2026-27942 fast-xml-parser has stack overflow in XMLBuilder with preserveOrder
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when user use XML builder with preserveOrder:true. Version 5.3.8 fixes the issue. As...
CVE-2026-27942
CVE-2026-27942 affects fast-xml-parser. Before 5.3.8, XMLBuilder with preserveOrder: true can crash with a stack overflow. The issue is fixed in 5.3.8. Workarounds include building XML with preserveOrder: false or validating input data before passing to the builder. Connected sources also referen...
CVE-2026-27942 fast-xml-parser has stack overflow in XMLBuilder with preserveOrder
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when user use XML builder with preserveOrder:true. Version 5.3.8 fixes the issue. As...
PT-2026-22099
Name of the Vulnerable Software and Affected Versions fast-xml-parser versions prior to 5.3.8 Description fast-xml-parser is a tool for XML validation, parsing XML to JavaScript objects, and building XML from JavaScript objects without relying on C/C++ libraries or callbacks. Prior to version...
fast-xml-parser 安全漏洞
fast-xml-parser is an open-source library developed by Natural Intelligence. It is used for quickly validating, parsing, and constructing XML files without relying on C/C++-based libraries or callbacks. Versions of fast-xml-parser prior to 5.3.8 contained a security vulnerability. This...