Vulnerabilities: 1 via 1 paths
Dependencies: 43
Source: GitHub
Commit: 9e38c6d4


high severity
new

Uncaught Exception

  • Vulnerable module: fast-xml-parser
  • Introduced through: is-svg@5.0.0

Detailed paths

  • Introduced through: postcss-inline-base64@lagden/postcss-inline-base64#9e38c6d461d3ea21a8b21fcd68156e6b5b25f49f > is-svg@5.0.0 > fast-xml-parser@4.5.3
    Remediation: Upgrade to is-svg@6.0.0.

Overview

fast-xml-parser is a package that validates, parses and builds XML without C/C++ based libraries.

Affected versions of this package are vulnerable to Uncaught Exception in the numeric entity processing when parsing XML containing out-of-range entity code points. An attacker can cause the application to crash by submitting specially crafted XML input that triggers an uncaught exception.

Remediation

Upgrade fast-xml-parser to version 5.3.4 or higher.
