Fast Xml Parser
CVE-2024-41818
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1Blast Radius
ecosystem impact- 11 npm packages depend on fast-xml-parser (11 direct, 0 indirect)
Ecosystem-wide dependent count for version 4.3.5.
DescriptionNVD
fast-xml-parser is an open source, pure javascript xml parser. a ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1.
AnalysisAI
fast-xml-parser is an open source, pure javascript xml parser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. fast-xml-parser is an open source, pure javascript xml parser. a ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1. Affected products include: Naturalintelligence Fast-Xml-Parser.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.
More in Fast Xml Parser
View allReDoS in fast-xml-parser before fix via crafted XML. PoC and patch available.
Fast XML Parser versions 4.1.3 through 5.3.5 are vulnerable to XML entity expansion attacks that allow remote attackers
Fast-xml-parser versions 5.0.9 through 5.3.3 crash when processing XML containing out-of-range numeric entity code point
fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution. Rated medium severity (CVSS 6.5), this vulnerabil
Stack overflow denial of service in fast-xml-parser versions prior to 5.3.8 occurs when the XML builder is used with the
fast-xml-parser is an open source, pure javascript xml parser. Rated high severity (CVSS 7.5), this vulnerability is rem
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today