We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
A ReDOS exists on currency.js was discovered by Gauss Security Labs R&D team.
https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/src/v5/valueParsers/currency.js#L10 contains a vulnerable regex
pass the following string '\t'.repeat(13337) + '.'
Denial of service during currency parsing in experimental version 5 of fast-xml-parser-library
https://gauss-security.com
Summary
A ReDOS exists on currency.js was discovered by Gauss Security Labs R&D team.
Details
https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/src/v5/valueParsers/currency.js#L10
contains a vulnerable regex
PoC
pass the following string '\t'.repeat(13337) + '.'
Impact
Denial of service during currency parsing in experimental version 5 of fast-xml-parser-library
https://gauss-security.com