CNNVD-202601-5068 Information
CNNVD ID
CNNVD-202601-5068
Related CVE
- CNNVD Published: 2026-01-30
Description (Chinese)
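fast-xml-parser is an open-source library from Natural Intelligence. It is used to quickly validate, parse and build XML without C/C++ based libraries and callbacks. fast-xml-parser versions 4.3.6 through 5.3.3 contain a security vulnerability that stems from a flaw in the handling of out-of-range numeric entities, which can cause the application to crash.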
Description (English)
fast-xml-parser is an open-source library from Natural Intelligence, used to quickly validate, parse and build XML without C/C++ based libraries or callbacks. Versions 4.3.6 through 5.3.3 of fast-xml-parser contain a security vulnerability: a flaw in the processing of out-of-range numeric entities can crash the application.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Natural Intelligence
Published
2026-01-30
Last Modified
2026-02-24
References
https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.4
https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-37qj-frw5-hhjh
https://github.com/NaturalIntelligence/fast-xml-parser/commit/4e387f61c4a5cef792f6a2f42467013290bf95dc
Patch
https://github.com/NaturalIntelligence/fast-xml-parser/releases