CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41818 – ReDOS at currency parsing fast-xml-parser
https://notcve.org/view.php?id=CVE-2024-41818
29 Jul 2024 — fast-xml-parser is an open source, pure javascript xml parser. a ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1. A regular expression denial of service (ReDoS) flaw was found in fast-xml-parser in the currency.js script. By sending a specially crafted regex input, a remote attacker could cause a denial of service condition. • https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-mpg4-rc92-vx8v • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-26920
https://notcve.org/view.php?id=CVE-2023-26920
12 Dec 2023 — fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution. fast-xml-parser anterior a 4.1.2 permite __proto__ para Prototype Pollution. • https://gist.github.com/Sudistark/a5a45bd0804d522a1392cb5023aa7ef7 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •