Update fast-xml-parser to address XML entity expansion and improper validation

XMLWordPrintableJSON

    • Type: Task
    • Resolution: Won't Do
    • Priority: Major - P3
    • 1.49.4
    • Affects Version/s: None
    • Component/s: None
    • None
    • Not Needed
    • Developer Tools

      `fast-xml-parser@5.4.1` has two reported vulnerabilities:
      1. SNYK-JS-FASTXMLPARSER-15677840 Numeric XML entity expansion is not properly limited, allowing attackers to trigger resource exhaustion
      2. SNYK-JS-FASTXMLPARSER-15699647 Improper handling of entity limit configuration can disable protections and enable unbounded XML entity expansion

            Assignee:
            Basit Chonka
            Reporter:
            Basit Chonka
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: