3 matches found
CVE-2023-34104
CVE-2023-34104 is a ReDoS vulnerability in the Natural Intelligence fast-xml-parser used by IBM Cloud Pak for Data (and related IBM products). The flaw arises from unescaped/sanitized special characters in entity names that are used to build a regex for entity replacement in DOCTYPE parsing, enab...
CVE-2026-41650
CVE-2026-41650 affects fast-xml-parser XMLBuilder prior to v5.7.0, where unescaped "-->" in comments and "]]>" in CDATA can lead to XML injection when user-controlled data is built into XML from JavaScript objects. This can enable XSS, SOAP injection, or data manipulation as described in th...
CVE-2026-27942
CVE-2026-27942 affects fast-xml-parser. Before 5.3.8, XMLBuilder with preserveOrder: true can crash with a stack overflow. The issue is fixed in 5.3.8. Workarounds include building XML with preserveOrder: false or validating input data before passing to the builder. Connected sources also referen...