
Resolve GHSA-m7jm-9gc2-mpf2 by removing vulnerable fast-xml-parser@5.2.1 lockfile resolution #2004

Draft
mikeharder with Copilot wants to merge 2 commits into main from copilot/fix-fast-xml-parser-vulnerability

Conversation

Copilot AI commented Jun 24, 2026


Dependabot flagged fast-xml-parser@5.2.1 (CVE-2026-25896 / GHSA-m7jm-9gc2-mpf2), where regex handling in DOCTYPE entity names can bypass entity encoding and enable injection paths. This change updates dependency resolution so the vulnerable version is no longer present in the workspace lock graph.

  • Dependency remediation

    • Refreshed pnpm-lock.yaml to eliminate all fast-xml-parser@5.2.1 resolutions.
    • Lockfile now resolves fast-xml-parser to non-vulnerable versions only (notably 5.8.0 in current graph).
  • Scope

    • Change is lockfile-only; no source/runtime logic was modified.
    • No manifest constraints were changed.
  • Reachability Assessment

    • Advisory behavior targets XML entity parsing (XMLParser / DOCTYPE entity replacement).
    • In this repo, vulnerable resolution was introduced transitively through dev/test toolchains (e.g., @microsoft.azure/autorest.testserver, @typespec/spector dependency trees), not direct application code paths.
    • No direct in-repo usage of fast-xml-parser APIs was found.
    • Assessment: Not directly reachable from shipped generator runtime code; reachable in tooling dependency graph.
    • Confidence: High.

# before
fast-xml-parser@5.2.1:

# after
fast-xml-parser@5.8.0:

Original prompt

This section details the Dependabot vulnerability alert you should resolve

<alert_title>fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names</alert_title>
<alert_description># Entity encoding bypass via regex injection in DOCTYPE entity names

Summary

A dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities (&lt;, &gt;, &amp;, &quot;, &apos;) with arbitrary values. This bypasses entity encoding and leads to XSS when parsed output is rendered.

Details

The fix for CVE-2023-34104 addressed some regex metacharacters in entity names but missed . (period), which is valid in XML names per the W3C spec.

In DocTypeReader.js, entity names are passed directly to RegExp():

entities[entityName] = {
    regx: RegExp(`&${entityName};`, "g"),
    val: val
};

An entity named l. produces the regex /&l.;/g where . matches any character, including the t in &lt;. Since DOCTYPE entities are replaced before built-in entities, this shadows &lt; entirely.

The same issue exists in OrderedObjParser.js:81 (addExternalEntities), and in the v6 codebase - EntitiesParser.js has a validateEntityName function with a character blacklist, but . is not included:

// v6 EntitiesParser.js line 96
const specialChar = "!?\\/[]$%{}^&*()<>|+";  // no dot

Shadowing all 5 built-in entities

| Entity name | Regex created | Shadows |
| --- | --- | --- |
| l. | /&l.;/g | &lt; |
| g. | /&g.;/g | &gt; |
| am. | /&am.;/g | &amp; |
| quo. | /&quo.;/g | &quot; |
| apo. | /&apo.;/g | &apos; |

PoC

const { XMLParser } = require("fast-xml-parser");

const xml = `<?xml version="1.0"?>
<!DOCTYPE foo [
  <!ENTITY l. "<img src=x onerror=alert(1)>">
]>
<root>
  <text>Hello &lt;b&gt;World&lt;/b&gt;</text>
</root>`;

const result = new XMLParser().parse(xml);
console.log(result.root.text);
// Hello <img src=x onerror=alert(1)>b>World<img src=x onerror=alert(1)>/b>

No special parser options needed - processEntities: true is the default.

When an app renders result.root.text in a page (e.g. innerHTML, template interpolation, SSR), the injected <img onerror> fires.

&amp; can be shadowed too:

const xml2 = `<?xml version="1.0"?>
<!DOCTYPE foo [
  <!ENTITY am. "'; DROP TABLE users;--">
]>
<root>SELECT * FROM t WHERE name='O&amp;Brien'</root>`;

const r = new XMLParser().parse(xml2);
console.log(r.root);
// SELECT * FROM t WHERE name='O'; DROP TABLE users;--Brien'

Impact

This is a complete bypass of XML entity encoding. Any application that parses untrusted XML and uses the output in HTML, SQL, or other injection-sensitive contexts is affected.

  • Default config, no special options
  • Attacker can replace any &lt; / &gt; / &amp; / &quot; / &apos; with arbitrary strings
  • Direct XSS vector when parsed XML content is rendered in a page
  • v5 and v6 both affected

Suggested fix

Escape regex metacharacters before constructing the replacement regex:

const escaped = entityName.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
entities[entityName] = {
    regx: RegExp(`&${escaped};`, "g"),
    val: val
};

For v6, add . to the blacklist in validateEntityName:

const specialChar = "!?\\/[].{}^&*()<>|+";

Severity

CWE-185 (Incorrect Regular Expression)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N - 9.3 (CRITICAL)

Entity decoding is a fundamental trust boundary in XML processing. This completely undermines it with no preconditions.</alert_description>

critical
GHSA-m7jm-9gc2-mpf2, CVE-2026-25896
fast-xml-parser
npm
<vulnerable_versions>5.2.1</vulnerable_versions>
<patched_version>5.3.5</patched_version>
<manifest_path>pnpm-lock.yaml</manifest_path>

https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-m7jm-9gc2-mpf2
https://github.com/NaturalIntelligence/fast-xml-parser/commit/943ef0eb1b2d3284e72dd74f44a042ee9f07026e
https://github.com/NaturalIntelligence/fast-xml-parser/commit/ddcd0acf26ddd682cb0dc15a2bd6aa3b96bb1e69
https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.5
https://nvd.nist.gov/vuln/detail/CVE-2026-25896
https://github.com/advisories/GHSA-m7jm-9gc2-mpf2

<task_instructions>Resolve this alert by updating the affected package to a non-vulnerable version. Prefer the lowest non-vulnerable version (see the patched_version field above) over the latest to minimize breaking changes. Include a Reachability Assessment section in the PR description. Review the alert_description field to understand which APIs, features, or configurations are affected, then search the codebase for usage of those specific items. If the vulnerable code pa...
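As an added example (not code from fast-xml-parser, from the advisory, or from this PR), the block below models the DOCTYPE entity replacement step the advisory describes: entity regexes are built once with the name inserted verbatim and once with regex metacharacters escaped (the advisory's suggested fix), then applied before the built-in entities, in the order the advisory states. A small `shadowedBuiltins` helper shows how a reviewer can check whether a given entity name would collide with any built-in entity under either construction. All function names are hypothetical, and the sample text and the `[SHADOWED]` replacement value are constructed.

```javascript
// Added example modelling the advisory's entity-replacement step.
// Nothing here is fast-xml-parser's own code; helper names are hypothetical.

// Vulnerable construction: the entity name is interpolated into RegExp()
// verbatim, so a "." in the name acts as a wildcard rather than a literal.
function buildEntityRegexUnescaped(entityName) {
  return RegExp(`&${entityName};`, "g");
}

// Fixed construction (the advisory's suggested fix): escape every regex
// metacharacter so the pattern matches exactly "&<name>;" and nothing else.
function escapeRegex(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}
function buildEntityRegexEscaped(entityName) {
  return RegExp(`&${escapeRegex(entityName)};`, "g");
}

// The five built-in XML entities, applied after DOCTYPE entities.
const BUILTIN_ENTITIES = [
  { name: "&lt;", val: "<" },
  { name: "&gt;", val: ">" },
  { name: "&amp;", val: "&" },
  { name: "&quot;", val: '"' },
  { name: "&apos;", val: "'" },
];

// Replay the ordering the advisory describes: DOCTYPE entities first, then
// built-ins. `buildRegex` selects the vulnerable or the fixed construction.
function applyEntities(text, docTypeEntities, buildRegex) {
  let out = text;
  for (const [name, val] of Object.entries(docTypeEntities)) {
    out = out.replace(buildRegex(name), val);
  }
  for (const e of BUILTIN_ENTITIES) {
    out = out.split(e.name).join(e.val);
  }
  return out;
}

// Review helper: which built-in entity texts would this entity name's regex
// match? A fresh regex is built per call, so the "g" flag's lastIndex state
// cannot leak between tests.
function shadowedBuiltins(entityName, buildRegex) {
  return BUILTIN_ENTITIES.map((e) => e.name).filter((n) =>
    buildRegex(entityName).test(n)
  );
}

// Constructed sample: a DOCTYPE entity named "l." with a harmless marker value,
// applied to text that relies on the built-in &lt; entity.
const SAMPLE_ENTITIES = { "l.": "[SHADOWED]" };
const SAMPLE_TEXT = "Hello &lt;b&gt;World&lt;/b&gt; and &l.;";

function vulnerableResult() {
  return applyEntities(SAMPLE_TEXT, SAMPLE_ENTITIES, buildEntityRegexUnescaped);
}
function fixedResult() {
  return applyEntities(SAMPLE_TEXT, SAMPLE_ENTITIES, buildEntityRegexEscaped);
}

console.log("unescaped:", vulnerableResult());
console.log("escaped:  ", fixedResult());
console.log("l. shadows (unescaped):", shadowedBuiltins("l.", buildEntityRegexUnescaped));
console.log("l. shadows (escaped):  ", shadowedBuiltins("l.", buildEntityRegexEscaped));
```

With the unescaped construction the `&lt;` occurrences are consumed by the `l.` entity before the built-in pass ever sees them, which is the shadowing the advisory describes; with the escaped construction only the literal `&l.;` is replaced and the built-ins decode normally. `shadowedBuiltins` is the kind of check that can be run over every entity name declared in a DOCTYPE to confirm the escaping rule holds for all of them.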

Copilot AI changed the title [WIP] Fix entity encoding bypass in fast-xml-parser Resolve GHSA-m7jm-9gc2-mpf2 by removing vulnerable fast-xml-parser@5.2.1 lockfile resolution Jun 24, 2026
Copilot AI requested a review from mikeharder June 24, 2026 05:51
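The remediation in this PR is lockfile-only, so the useful follow-up check is that no resolution of the package below the patched version survives in pnpm-lock.yaml. The block below is an added example (not the PR's tooling and not Dependabot's logic) that scans lockfile text for `fast-xml-parser@<version>:` package keys, the key shape shown in the PR's before/after snippet, and flags any version lower than the alert's patched_version of 5.3.5. Treating every version below the patched one as vulnerable is an assumption made here; the two lockfile excerpts are constructed for the example.

```javascript
// Added example: flag pnpm-lock.yaml resolutions of fast-xml-parser that are
// still below the advisory's patched version. Helper names are hypothetical.

const PACKAGE_NAME = "fast-xml-parser";
const PATCHED_VERSION = "5.3.5"; // from the alert's patched_version field

// pnpm lockfiles key resolved packages as "<name>@<version>:", optionally with
// peer-dependency suffixes in parentheses; anything else on the line is ignored.
const KEY_RE = new RegExp(
  `^\\s*${PACKAGE_NAME}@(\\d+\\.\\d+\\.\\d+)(?:\\([^)]*\\))*:\\s*$`
);

// Parse "major.minor.patch"; returns null for any other shape.
function parseSemver(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// Negative / zero / positive, like strcmp; numeric per component, so
// "5.10.0" sorts above "5.3.5".
function compareSemver(a, b) {
  const pa = parseSemver(a);
  const pb = parseSemver(b);
  if (!pa || !pb) throw new Error(`unparseable version: ${a} or ${b}`);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Every distinct version of PACKAGE_NAME resolved in the lockfile text.
function resolvedVersions(lockfileText) {
  const found = new Set();
  for (const line of lockfileText.split("\n")) {
    const m = KEY_RE.exec(line);
    if (m) found.add(m[1]);
  }
  return [...found].sort(compareSemver);
}

// Resolutions that are still below the patched version (assumption: below
// patched means vulnerable for the purposes of this check).
function vulnerableResolutions(lockfileText) {
  return resolvedVersions(lockfileText).filter(
    (v) => compareSemver(v, PATCHED_VERSION) < 0
  );
}

// Constructed excerpts: a graph that still carries 5.2.1 alongside 5.8.0, and
// one where only 5.8.0 remains. Integrity values are placeholders.
const LOCK_BEFORE = `packages:
  fast-xml-parser@5.2.1:
    resolution: {integrity: sha512-CONSTRUCTED-PLACEHOLDER}
  fast-xml-parser@5.8.0:
    resolution: {integrity: sha512-CONSTRUCTED-PLACEHOLDER}
  some-other-package@1.0.0(fast-xml-parser@5.8.0):
    resolution: {integrity: sha512-CONSTRUCTED-PLACEHOLDER}
`;
const LOCK_AFTER = `packages:
  fast-xml-parser@5.8.0:
    resolution: {integrity: sha512-CONSTRUCTED-PLACEHOLDER}
`;

console.log("before:", vulnerableResolutions(LOCK_BEFORE)); // [ '5.2.1' ]
console.log("after: ", vulnerableResolutions(LOCK_AFTER));  // []
```

Run against the real pnpm-lock.yaml (for example by reading the file into `vulnerableResolutions`) this gives a one-line pass/fail that complements the Dependabot alert: an empty result after the refresh confirms the graph state described in the PR, and a non-empty one names the exact version still present.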