Back to bug 2221261

Who	When	What	Removed	Added
Pedro Sampaio	2023-07-07 16:57:48 UTC	Alias	CVE-2023-34104	TRIAGE-CVE-2023-34104
		Summary	CVE-2023-34104 fast-xml-parser: Regex Injection via Doctype Entities	TRIAGE-CVE-2023-34104 fast-xml-parser: Regex Injection via Doctype Entities
Pedro Sampaio	2023-07-07 16:58:26 UTC	Depends On		2221263, 2221262
Pedro Sampaio	2023-07-07 16:58:57 UTC	Blocks		2221264
Avinash Hanwate	2023-07-10 05:34:13 UTC	Alias	TRIAGE-CVE-2023-34104	CVE-2023-34104
		Doc Text		A flaw was found in the fast-XML-parser. The affected versions of fast-XML-parser are vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the Doctype Entities. By sending a specially crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition.
		Summary	TRIAGE-CVE-2023-34104 fast-xml-parser: Regex Injection via Doctype Entities	CVE-2023-34104 fast-xml-parser: Regex Injection via Doctype Entities
RaTasha Tillery-Smith	2023-07-10 13:21:26 UTC	Doc Text	A flaw was found in the fast-XML-parser. The affected versions of fast-XML-parser are vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the Doctype Entities. By sending a specially crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition.	A flaw was found in the fast-XML-parser. The affected versions of fast-XML-parser are vulnerable to a denial of service caused by a regular expression denial of service (ReDoS) flaw in the Doctype Entities. By sending a specially crafted regex input, a remote attacker can cause a denial of service condition.
Chess Hazlett	2023-07-18 18:10:41 UTC	Fixed In Version		fast-xml-parser 4.2.4
errata-xmlrpc	2023-08-14 01:03:05 UTC	Link ID		Red Hat Product Errata RHSA-2023:4627
Product Security DevOps Team	2023-08-14 05:50:06 UTC	Resolution	---	ERRATA
		Status	NEW	CLOSED
		Last Closed		2023-08-14 05:50:06 UTC

Back to bug 2221261