What the vulnerability does
01Description
fast-xml-parser is an open source, pure javascript xml parser. a ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1.
CVSS base score
7.5/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Key dates
02Disclosure timeline
July 29, 2024
CVE published
October 11, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2026-26171 .NET Denial of Service Vulnerability
CVE-2018-16490
CVE-2022-36329 Denial of Service over OTA mechanism in Western Digital My Cloud Home and ibi devices
CVE-2026-26047 Moodle: moodle: uncontrolled resource consumption in tex formula editor leading to denial of service
CVE-2026-26937 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
