2704 matches found
CVE-2024-41818
A regular expression denial of service (ReDoS) flaw was found in fast-xml-parser in the currency.js script. By sending a specially crafted regex input, a remote attacker could cause a denial of service condition...
GHSA-MPG4-RC92-VX8V fast-xml-parser vulnerable to ReDOS at currency parsing
Summary: A ReDOS that exists on currency.js was discovered by Gauss Security Labs R&D team. Details: https://github.com/NaturalIntelligence/fast-xml-parser/blob/v4.4.0/src/v5/valueParsers/currency.js#L10 contains a vulnerable regex. PoC: pass the following string: '\t'.repeat(13337) + '.' Impact: Denial o...
@appium/universal-xml-plugin (>=1.0.18 <=1.0.20), @cardscan.ai/cardscan-client (>=0.1.0 <=0.4.3) +105 more potentially affected by CVE-2024-41818 via fast-xml-parser (>=4.3.5 <=4.4.0)
fast-xml-parser NPM version =4.3.5, =1.0.18, =0.1.0, =1.1.0, =8.0.167, =11.49.0, =13.4.12, =11.49.0, =28.16.23, =11.49.0, =0.0.145, =1.0.0, =10.3.11, =0.1.11, =8.0.167, =5.0.167, =5.0.200 and more Source cves: CVE-2024-41818 Source advisory: OSV:GHSA-MPG4-RC92-VX8V...
fast-xml-parser vulnerable to ReDOS at currency parsing
Summary: A ReDOS that exists on currency.js was discovered by Gauss Security Labs R&D team. Details: https://github.com/NaturalIntelligence/fast-xml-parser/blob/v4.4.0/src/v5/valueParsers/currency.js#L10 contains a vulnerable regex. PoC: pass the following string: '\t'.repeat(13337) + '.' Impact: Denial o...
CVE-2024-41818
fast-xml-parser is an open source, pure JavaScript XML parser. A ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1...
CVE-2024-41818
fast-xml-parser is an open source, pure JavaScript XML parser. A ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1...
CVE-2024-41818 ReDOS at currency parsing fast-xml-parser
fast-xml-parser is an open source, pure JavaScript XML parser. A ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1...
CVE-2024-41818
Technical details about CVE-2024-41818 are not provided in the connected documents. The initial entry notes a ReDoS in currency.js fixed in 4.4.1. Monitor for updates.
CVE-2024-41818 ReDOS at currency parsing fast-xml-parser
fast-xml-parser is an open source, pure JavaScript XML parser. A ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1...
CVE-2024-41818 ReDOS at currency parsing fast-xml-parser
fast-xml-parser is an open source, pure JavaScript XML parser. A ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1...
fast-xml-parser Security Vulnerability
fast-xml-parser is an open source library from Natural Intelligence. It is used to quickly validate XML, parse XML and build XML without C/C++ based libraries and callbacks. A security vulnerability exists in fast-xml-parser version v4.2.4. An attacker could use this vulnerability to cause a deni...
PT-2024-29584
Name of the Vulnerable Software and Affected Versions: fast-xml-parser versions prior to 4.4.1. Description: A ReDOS issue exists in the currency.js component of the fast-xml-parser library, specifically affecting the experimental version 5. This issue can cause a denial of service during currency...
CVE-2024-41818
creationtimestamp | type | source
---|---|---
2024-07-28 00:58:52+00:00 | published-proof-of-concept | https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-mpg4-rc92-vx8v...
Security Bulletin: IBM Security Verify Governance - Identity Manager has multiple vulnerabilities
Summary: Multiple security vulnerabilities have been addressed in updates to IBM Security Verify Governance - Identity Manager software component and IBM Security Verify Governance - Identity Manager virtual appliance component. Vulnerability Details: CVEID: CVE-2024-22262 DESCRIPTION: VMware Tanzu...
expat: parsing large tokens can trigger a denial of service
A flaw was found in Expat libexpat. When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service...
MAL-2024-1713 Malicious code in abcotv-xml-parser (npm)
Malicious code in abcotv-xml-parser (npm)
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser may affect IBM Storage Protect Backup-Archive Client
Summary: IBM Storage Protect Backup-Archive Client can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser. The flaws can lead to server-side request forgery, bypass of security restrictions, denial of service, and arbitrary...
SEW-EURODRIVE MOVITOOLS MotionStudio XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of SEW-EURODRIVE MOVITOOLS MotionStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
ROS-20240603-03
A vulnerability in the XML parser library libexpat is related to incorrect restriction of recursive object references in DTDs. Exploitation of the vulnerability could allow an attacker to cause a denial of service...