CVE Details
| CVE ID |
Severity |
Affected Package |
Installed Version |
Fixed Version |
Date Published |
Date of Scan |
| CVE-2026-27942 |
LOW |
fast-xml-parser |
5.3.4 |
5.3.8 |
2026-02-26T02:16:22.357Z |
2026-02-27T10:18:22.081501916Z |
Affected Docker Images
| Image Name |
SHA |
public.ecr.aws/lambda/nodejs:latest |
public.ecr.aws/lambda/nodejs@sha256:08a1a854f41c9cf47b752eb13df532388515ee7dea520ef7854b57a21f775aec |
public.ecr.aws/lambda/nodejs:24 |
public.ecr.aws/lambda/nodejs@sha256:e9a2798c884e8b948ff0670c737c308dc194405986b8ada529155cb61dfbd9d7 |
public.ecr.aws/lambda/nodejs:22 |
public.ecr.aws/lambda/nodejs@sha256:08a1a854f41c9cf47b752eb13df532388515ee7dea520ef7854b57a21f775aec |
public.ecr.aws/lambda/nodejs:20 |
public.ecr.aws/lambda/nodejs@sha256:d187370a830039ddcbf432924071c9f400c41ee69916d8d53b0571753bdd6b95 |
Description
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when user use XML builder with preserveOrder:true. Version 5.3.8 fixes the issue. As a workaround, use XML builder with preserveOrder:false or check the input data before passing to builder.
Remediation Steps
- Update the affected package
fast-xml-parser from version 5.3.4 to 5.3.8.
About this issue
- This issue may not contain all the information about the CVE nor the images it affects.
- This issue will not be updated with new information and the list of affected images may have changed since the creation of this issue.
- For more, visit Lambda Watchdog.
- This issue was created automatically by Lambda Watchdog.
