sonarcloud[bot]
commented
1 month ago 
Quality Gate passed for 'CodeCharta Visualization'
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code
This PR contains the following updates:
4.4.0->4.4.1GitHub Vulnerability Alerts
CVE-2024-41818
Summary
A ReDOS that exists on currency.js was discovered by Gauss Security Labs R&D team.
Details
https://github.com/NaturalIntelligence/fast-xml-parser/blob/v4.4.0/src/v5/valueParsers/currency.js#L10 contains a vulnerable regex
PoC
pass the following string '\t'.repeat(13337) + '.'
Impact
Denial of service during currency parsing in experimental version 5 of fast-xml-parser-library
https://gauss-security.com
Release Notes
NaturalIntelligence/fast-xml-parser (fast-xml-parser)
### [`v4.4.1`](https://redirect.github.com/NaturalIntelligence/fast-xml-parser/compare/v4.4.0...v4.4.1) [Compare Source](https://redirect.github.com/NaturalIntelligence/fast-xml-parser/compare/v4.4.0...v4.4.1)Configuration
π Schedule: Branch creation - "" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).
π¦ Automerge: Enabled.
β» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.