[GHSA-8gc5-j5rx-235r] fast-xml-parser affected by numeric entity expansion bypassing all entity expansion limits (incomplete fix for CVE-2026-26278)#7220
Hi there @amitguptagwl! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository. This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory.
Pull request overview
Updates the GHSA advisory for fast-xml-parser to reflect that the issue is fixed in the 4.x release line as well, and adds supporting references.
Changes:
- Adjusted the affected version range for the 5.x line to start at 5.0.0
- Added a separate affected range for the 4.x line with fix version 4.5.5
- Added additional upstream references (issue + release link)
The issue has been fixed in the 4.x release; update the affected version accordingly.