2720 matches found

Fedora
added 2024/09/14 1:26 a.m., 22 views

[SECURITY] Fedora 39 Update: mingw-expat-2.6.3-1.fc39

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

CVSS 9.8, AI score 9.5, EPSS 0.02269
Exploits: 0

BDU FSTEC
added 2024/09/13 12:00 a.m., 2 views

The vulnerability of the `cv::XMLParser::parse` function in the `modules/core/src/persistence.cpp` file of the OpenCV library, an open-source computer vision and image processing software, relates to pointer dereferencing errors. This vulnerability allows attackers to trigger a denial of service.

The vulnerability of the cv::XMLParser::parse function in the modules/core/src/persistence.cpp file of the OpenCV library, which is used for computer vision, image processing, and general numerical algorithms, is related to pointer dereferencing errors. Exploiting this vulnerability could allow a...

CVSS 7.5, AI score 6.6, EPSS 0.00167
Exploits: 1, References: 8, Affected Software: 3

IBM Security Bulletins
added 2024/09/05 4:32 p.m., 16 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a Denial of Service (CVE-2024-41818)

Summary There is a vulnerability in fast-xml-parser used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-41818 DESCRIPTION: Natural Intelligence fast-xml-parser is...

CVSS 7.5, AI score 7.4, EPSS 0.00885
Exploits: 1, Affected Software: 1

Cvelist
added 2024/08/30 12:00 a.m., 25 views

CVE-2024-45490

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer...

EPSS 0.00613
Exploits: 0, References: 2

OSV
added 2024/08/23 11:08 a.m., 4 views

OESA-2024-2038 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text files and performing system management tasks, as in Perl. Security Fixes: REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an...

CVSS 7.5, AI score 6.8, EPSS 0.00661
Exploits: 0, References: 2

OSV
added 2024/08/22 3:15 p.m., 2 views

AZL-48156 CVE-2024-43398 affecting package rubygem-rexml for versions less than 3.3.9-1

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have the same local name attributes. If you need to parse untrusted XMLs with a tree parser API like REXML::Document.new, you may be impacted by this vulnerability...

CVSS 5.9, AI score 6.5, EPSS 0.01135
Exploits: 0, References: 1

Redos
added 2024/08/20 12:00 a.m., 20 views

ROS-20240820-04

Vulnerability in the XML parser library libexpat is related to uncontrolled consumption of resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 7.5, AI score 7.4, EPSS 0.01552
Exploits: 1

IBM Security Bulletins
added 2024/08/08 2:44 p.m., 29 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to fast-xml-parser (CVE-2023-34104)

Summary Package fast-xml-parser is used by IBM Cloud Pak for Data. CVE-2023-34104. Vulnerability Details CVEID:CVE-2023-34104 DESCRIPTION: Natural Intelligence fast-xml-parser is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the Doctype Entities...

CVSS 7.5, AI score 7.3, EPSS 0.00575
Exploits: 0, Affected Software: 1

KoreLogic Security
added 2024/08/07 12:00 a.m., 37 views

Journyx Unauthenticated XML External Entities Injection

Vulnerability Details Affected Vendor: Journyx Affected Product: Journyx jtime Affected Version: 11.5.4 Platform: GNU/Linux CWE Classification: CWE-611: Improper Restriction of XML External Entity Reference CVE ID: CVE-2024-6893 2. Vulnerability Description The "soapcgi.pyc" API handler allows...

CVSS 7.5, AI score 6.7, EPSS 0.91385
Exploits: 3, Affected Software: 1

RedHat Linux
added 2024/08/06 4:21 p.m., 20 views

Important: Red Hat Security Advisory: OpenShift Virtualization 4.16.1 Images security update

Red Hat OpenShift Virtualization release 4.16.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which...

CVSS 7.5, AI score 6.7, EPSS 0.00885
Exploits: 1, References: 22

RedhatCVE
added 2024/07/31 8:19 a.m., 30 views

CVE-2024-41818

A regular expression denial of service ReDoS flaw was found in fast-xml-parser in the currency.js script. By sending a specially crafted regex input, a remote attacker could cause a denial of service condition...

CVSS 7.5, AI score 6.3, EPSS 0.00885
Exploits: 1, References: 6

OSV
added 2024/07/29 5:46 p.m., 0 views

GHSA-MPG4-RC92-VX8V fast-xml-parser vulnerable to ReDOS at currency parsing

Summary: A ReDOS that exists on currency.js was discovered by Gauss Security Labs R&D team. Details: https://github.com/NaturalIntelligence/fast-xml-parser/blob/v4.4.0/src/v5/valueParsers/currency.js#L10 contains a vulnerable regex. PoC: pass the following string: '\t'.repeat(13337) + '.' Impact: Denial o...

CVSS 8.7, AI score 5.9, EPSS 0.00885
Exploits: 1, References: 6

vulnersOsv
added 2024/07/29 5:46 p.m., 2 views

@appium/universal-xml-plugin (>=1.0.18 <=1.0.20), @cardscan.ai/cardscan-client (>=0.1.0 <=0.4.3) +105 more potentially affected by CVE-2024-41818 via fast-xml-parser (>=4.3.5 <=4.4.0)

fast-xml-parser NPM version =4.3.5, =1.0.18, =0.1.0, =1.1.0, =8.0.167, =11.49.0, =13.4.12, =11.49.0, =28.16.23, =11.49.0, =0.0.145, =1.0.0, =10.3.11, =0.1.11, =8.0.167, =5.0.167, =5.0.200 and more Source cves: CVE-2024-41818 Source advisory: OSV:GHSA-MPG4-RC92-VX8V...

CVSS 7.5, AI score 6.6, EPSS 0.00885
Exploits: 1

Github Security Blog
added 2024/07/29 5:46 p.m., 50 views

fast-xml-parser vulnerable to ReDOS at currency parsing

Summary: A ReDOS that exists on currency.js was discovered by Gauss Security Labs R&D team. Details: https://github.com/NaturalIntelligence/fast-xml-parser/blob/v4.4.0/src/v5/valueParsers/currency.js#L10 contains a vulnerable regex. PoC: pass the following string: '\t'.repeat(13337) + '.' Impact: Denial o...

CVSS 7.5, AI score 7.4, EPSS 0.00885
Exploits: 1, References: 6, Affected Software: 1

NVD
added 2024/07/29 4:15 p.m., 24 views

CVE-2024-41818

fast-xml-parser is an open source, pure JavaScript XML parser. A ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1...

CVSS 7.5, EPSS 0.00885
Exploits: 1, References: 4

OSV
added 2024/07/29 3:56 p.m., 27 views

CVE-2024-41818 ReDOS at currency parsing fast-xml-parser

fast-xml-parser is an open source, pure JavaScript XML parser. A ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1...

CVSS 7.5, AI score 6.6, EPSS 0.00885
Exploits: 1, References: 6

Debian CVE
added 2024/07/29 3:56 p.m., 2 views

CVE-2024-41818

fast-xml-parser is an open source, pure JavaScript XML parser. A ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1...

CVSS 7.5, AI score 6.2, EPSS 0.00885
Exploits: 1

Cvelist
added 2024/07/29 3:56 p.m., 32 views

CVE-2024-41818 ReDOS at currency parsing fast-xml-parser

fast-xml-parser is an open source, pure JavaScript XML parser. A ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1...

CVSS 7.5, EPSS 0.00885
Exploits: 1, References: 4

CVE
added 2024/07/29 3:56 p.m., 475 views

CVE-2024-41818

Technical details about CVE-2024-41818 are not provided in the connected documents. The initial entry notes a ReDoS in currency.js fixed in 4.4.1. Monitor for updates.

CVSS 7.5, AI score 7.4, EPSS 0.00885
Exploits: 1, References: 4, Affected Software: 1

Vulnrichment
added 2024/07/29 3:56 p.m., 22 views

CVE-2024-41818 ReDOS at currency parsing fast-xml-parser

fast-xml-parser is an open source, pure JavaScript XML parser. A ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1...

CVSS 7.5, AI score 7.3, EPSS 0.00885
Exploits: 1, References: 4