Filtered by vendor Naturalintelligence
Subscribe
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-26278 | 1 Naturalintelligence | 1 Fast-xml-parser | 2026-02-23 | N/A | 7.5 HIGH |
| fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it’s possible to make the parser spend seconds or even minutes processing a single request, effectively freezing the application. Version 5.3.6 fixes the issue. As a workaround, avoid using DOCTYPE parsing by `processEntities: false` option. | |||||
| CVE-2023-26920 | 1 Naturalintelligence | 1 Fast Xml Parser | 2024-11-21 | N/A | 6.5 MEDIUM |
| fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution. | |||||