fast-xml-parser has RangeError DoS Numeric Entities Bug
Summary
fast-xml-parser has RangeError DoS Numeric Entities Bug. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-248. Affected package(s): odf4/ocs-metrics-exporter-rhel9:1781557202, odf4/mcg-core-rhel9:1781555645, odf4/odf-rhel9-operator:1781556958, advanced-cluster-security/rhacs-main-rhel8:1775594119, odf4/cephcsi-rhel9-operator:1781554936, odf4/ocs-client-console-rhel9:1781558423. Resolved in Red Hat advisory RHSA-2026:7110 — update the affected packages (`sudo dnf update`).
- odf4/ocs-metrics-exporter-rhel9:1781557202
- odf4/mcg-core-rhel9:1781555645
- odf4/odf-rhel9-operator:1781556958
- advanced-cluster-security/rhacs-main-rhel8:1775594119
- odf4/cephcsi-rhel9-operator:1781554936
- odf4/ocs-client-console-rhel9:1781558423
- odf4/odf-cli-rhel9:1781557189
- advanced-cluster-security/rhacs-main-rhel8:1775594284
- odf4/rook-ceph-rhel9-operator:1781557496
- odf4/odf-console-rhel9:1781556534
- odf4/odf-csi-addons-rhel9-operator:1781555971
- odf4/mcg-rhel9-operator:1781556009
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
- RHSA-2026:7110
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:7110 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.