漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
fast-xml-parser has stack overflow in XMLBuilder with preserveOrder
Vulnerability Description
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when user use XML builder with `preserveOrder:true`. Version 5.3.8 fixes the issue. As a workaround, use XML builder with `preserveOrder:false` or check the input data before passing to builder.
CVSS Information
N/A
Vulnerability Type
未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)
Vulnerability Title
fast-xml-parser 安全漏洞
Vulnerability Description
fast-xml-parser是Natural Intelligence开源的一个库。用于在没有基于 C/C++ 的库和回调的情况下,快速验证 XML、解析 XML 和构建 XML。 fast-xml-parser 5.3.8之前版本存在安全漏洞,该漏洞源于使用preserveOrder:true的XML构建器时发生堆栈溢出,可能导致应用程序崩溃。
CVSS Information
N/A
Vulnerability Type
N/A