CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41818 – ReDOS at currency parsing fast-xml-parser
https://notcve.org/view.php?id=CVE-2024-41818
fast-xml-parser is an open source, pure javascript xml parser. a ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1. A regular expression denial of service (ReDoS) flaw was found in fast-xml-parser in the currency.js script. By sending a specially crafted regex input, a remote attacker could cause a denial of service condition. • https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-mpg4-rc92-vx8v https://github.com/NaturalIntelligence/fast-xml-parser/commit/ba5f35e7680468acd7906eaabb2f69e28ed8b2aa https://github.com/NaturalIntelligence/fast-xml-parser/commit/d0bfe8a3a2813a185f39591bbef222212d856164 https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/src/v5/valueParsers/currency.js#L10 https://access.redhat.com/security/cve/CVE-2024-41818 https://bugzilla.redhat.com/show_bug.cgi?id=2300499 • CWE-400: Uncontrolled Resource Consumption •