fast-xml-parser is vulnerable to ReDoS in currency parsing. This issue is patched in version 4.4.1.
Could you please update the used fast-xml-parser version?
Summary
A ReDoS in currency.js was discovered by the Gauss Security Labs R&D team.
Details
https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/src/v5/valueParsers/currency.js#L10
contains a vulnerable regex
PoC
Pass the following string: '\t'.repeat(13337) + '.'
Impact
Denial of service during currency parsing in the experimental version 5 of the fast-xml-parser library.
https://gauss-security.com/
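To act on the update request above, a maintainer first needs to know which copies of fast-xml-parser a project actually installs, including nested ones pulled in by other dependencies. The following is an added example, not code from the issue or from the fast-xml-parser project: it scans npm lockfile data for copies older than 4.4.1. The function names and the sample lockfile are constructed for illustration, and it assumes every version below 4.4.1 should be updated.

```javascript
// Added example: find fast-xml-parser copies older than the patched 4.4.1
// in npm lockfile data (lockfileVersion 2/3 "packages" map).
const PATCHED = [4, 4, 1]; // fixed version named in the issue

// Parse "major.minor.patch"; remember whether a pre-release tag follows.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(v);
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

function isBelowPatched(version) {
  const p = parseVersion(version);
  if (!p) return true; // unparseable version: flag for manual review
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== PATCHED[i]) return p.nums[i] < PATCHED[i];
  }
  return p.pre; // e.g. 4.4.1-beta sorts before 4.4.1
}

// Returns [{ path, version }] for every installed copy below 4.4.1,
// including copies nested under other dependencies.
function findVulnerableCopies(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/fast-xml-parser")) continue;
    if (isBelowPatched(String(meta.version))) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile (not from any real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/fast-xml-parser": { version: "4.4.1" },
    "node_modules/some-sdk/node_modules/fast-xml-parser": { version: "4.2.5" },
    "node_modules/not-fast-xml-parser": { version: "1.0.0" },
  },
};

console.log(findVulnerableCopies(sampleLock));
```

In a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findVulnerableCopies` instead of the sample object.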