Description
fast-xml-parser is an open source, pure javascript xml parser. a ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1.
Scores
CVSS v3
7.5
EPSS
0.0089
EPSS Percentile
75.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-400
CWE-1333
Status
published
Products (3)
fast-xml-parser_project/fast-xml-parser
4.2.4
naturalintelligence/fast-xml-parser
4.2.4
npm/fast-xml-parser
4.3.5 - 4.4.1npm
Published
Jul 29, 2024
Tracked Since
Feb 18, 2026