
fix: update fast-xml-parser 4.4.1 → 4.5.4 (CVE-2026-25896)#55

Merged
adrienpessu merged 2 commits into main from copilot/fix-dependabot-vulnerability
Apr 2, 2026

Conversation


Copilot AI commented Apr 2, 2026

fast-xml-parser ≤4.4.1 allows DOCTYPE entity names containing regex metacharacters (e.g., .) to shadow built-in XML entities (<, &, etc.), enabling XSS and injection attacks. Patched in 4.5.4.

fast-xml-parser is a transitive dep via @aws-sdk/core (a dependency of @aws-sdk/client-ssm). It is not reachable through untrusted input — the SDK uses it only to parse trusted AWS service responses — so this is a scanner-compliance update.

Changes

  • package.json — Added overrides (npm) and resolutions (yarn) to pin fast-xml-parser to 4.5.4
  • package-lock.json — Regenerated via npm install; resolves fast-xml-parser to 4.5.4
  • yarn.lock — Entry updated to 4.5.4 with correct integrity hash; reference in @aws-sdk/core deps updated to match
Original prompt

This section details the Dependabot vulnerability alert you should resolve

<alert_title>fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names</alert_title>
<alert_description># Entity encoding bypass via regex injection in DOCTYPE entity names

Summary

A dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities (&lt;, &gt;, &amp;, &quot;, &apos;) with arbitrary values. This bypasses entity encoding and leads to XSS when parsed output is rendered.

Details

The fix for CVE-2023-34104 addressed some regex metacharacters in entity names but missed . (period), which is valid in XML names per the W3C spec.

In DocTypeReader.js, entity names are passed directly to RegExp():

```js
entities[entityName] = {
    regx: RegExp(`&${entityName};`, "g"),
    val: val
};
```

An entity named l. produces the regex /&l.;/g where . matches any character, including the t in &lt;. Since DOCTYPE entities are replaced before built-in entities, this shadows &lt; entirely.

The same issue exists in OrderedObjParser.js:81 (addExternalEntities), and in the v6 codebase - EntitiesParser.js has a validateEntityName function with a character blacklist, but . is not included:

```js
// v6 EntitiesParser.js line 96
const specialChar = "!?\\/[]$%{}^&*()<>|+";  // no dot
```

Shadowing all 5 built-in entities

| Entity name | Regex created | Shadows |
|---|---|---|
| l. | /&l.;/g | &lt; |
| g. | /&g.;/g | &gt; |
| am. | /&am.;/g | &amp; |
| quo. | /&quo.;/g | &quot; |
| apo. | /&apo.;/g | &apos; |

PoC

```js
const { XMLParser } = require("fast-xml-parser");

const xml = `<?xml version="1.0"?>
<!DOCTYPE foo [
  <!ENTITY l. "<img src=x onerror=alert(1)>">
]>
<root>
  <text>Hello &lt;b&gt;World&lt;/b&gt;</text>
</root>`;

const result = new XMLParser().parse(xml);
console.log(result.root.text);
// Hello <img src=x onerror=alert(1)>b>World<img src=x onerror=alert(1)>/b>
```

No special parser options needed - processEntities: true is the default.

When an app renders result.root.text in a page (e.g. innerHTML, template interpolation, SSR), the injected <img onerror> fires.

&amp; can be shadowed too:

```js
const xml2 = `<?xml version="1.0"?>
<!DOCTYPE foo [
  <!ENTITY am. "'; DROP TABLE users;--">
]>
<root>SELECT * FROM t WHERE name='O&amp;Brien'</root>`;

const r = new XMLParser().parse(xml2);
console.log(r.root);
// SELECT * FROM t WHERE name='O'; DROP TABLE users;--Brien'
```

Impact

This is a complete bypass of XML entity encoding. Any application that parses untrusted XML and uses the output in HTML, SQL, or other injection-sensitive contexts is affected.

  • Default config, no special options
  • Attacker can replace any &lt; / &gt; / &amp; / &quot; / &apos; with arbitrary strings
  • Direct XSS vector when parsed XML content is rendered in a page
  • v5 and v6 both affected

Suggested fix

Escape regex metacharacters before constructing the replacement regex:

```js
const escaped = entityName.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
entities[entityName] = {
    regx: RegExp(`&${escaped};`, "g"),
    val: val
};
```

For v6, add . to the blacklist in validateEntityName:

```js
const specialChar = "!?\\/[].{}^&*()<>|+";
```

Severity

CWE-185 (Incorrect Regular Expression)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N - 9.3 (CRITICAL)

Entity decoding is a fundamental trust boundary in XML processing. This completely undermines it with no preconditions.</alert_description>

critical
GHSA-m7jm-9gc2-mpf2, CVE-2026-25896
fast-xml-parser
npm
<vulnerable_versions>4.4.1</vulnerable_versions>
<patched_version>4.5.4</patched_version>
<manifest_path>functions/helpers/getSecretDetails/yarn.lock</manifest_path>

https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-m7jm-9gc2-mpf2
https://github.com/NaturalIntelligence/fast-xml-parser/commit/943ef0eb1b2d3284e72dd74f44a042ee9f07026e
https://github.com/NaturalIntelligence/fast-xml-parser/commit/ddcd0acf26ddd682cb0dc15a2bd6aa3b96bb1e69
https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.5
https://nvd.nist.gov/vuln/detail/CVE-2026-25896
https://github.com/advisories/GHSA-m7jm-9gc2-mpf2

<task_instructions>Resolve this alert by updating the affected package to a non-vulnerable version. Prefer the lowest non-vulnerable version (see the patched_version field above) over the latest to minimize breaking changes. Include a Reachability Assessment section in the PR description. Review the alert_description field to understand which APIs, features, or configurations are affected, then search the codebase for usage of those specific it...

  • Resolves advanced-security/GSSAR alert #486
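A minimal model of the entity replacement the advisory describes, added here as an example and not code from this PR or from fast-xml-parser itself: it shows an unescaped entity name such as l. shadowing &lt;, and the suggested regex escaping plus a dot-aware name check closing that gap. Function names and the sample text are assumptions.

```javascript
// Escape every regex metacharacter so the entity name is matched literally
// (the advisory's suggested fix).
function escapeRegex(name) {
  return name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Build the replacement regex either the vulnerable way (name used verbatim)
// or the fixed way (name escaped), selected by `escape`.
function buildEntityRegex(entityName, escape) {
  const pattern = escape ? escapeRegex(entityName) : entityName;
  return RegExp(`&${pattern};`, "g");
}

// Built-in entities, applied after DOCTYPE entities, in the order the
// advisory describes (custom entities are replaced first).
const BUILTIN = [
  ["lt", "<"], ["gt", ">"], ["quot", '"'], ["apos", "'"], ["amp", "&"],
];

function replaceEntities(text, doctypeEntities, escape) {
  let out = text;
  for (const [name, val] of Object.entries(doctypeEntities)) {
    out = out.replace(buildEntityRegex(name, escape), val);
  }
  for (const [name, val] of BUILTIN) {
    out = out.replace(buildEntityRegex(name, true), val);
  }
  return out;
}

// v6-style name validation with "." added to the rejected characters, as the
// advisory suggests. Returns true only when the name contains none of them.
function validateEntityName(name) {
  const specialChar = "!?\\/[].{}^&*()<>|+";
  return ![...specialChar].some((ch) => name.includes(ch));
}

// Constructed sample: the text content from the advisory's PoC, with the
// "l." entity given a harmless marker value instead of a payload.
const SAMPLE_TEXT = "Hello &lt;b&gt;World&lt;/b&gt;";
const SAMPLE_ENTITIES = { "l.": "[SHADOWED]" };

function demo() {
  return {
    vulnerable: replaceEntities(SAMPLE_TEXT, SAMPLE_ENTITIES, false),
    fixed: replaceEntities(SAMPLE_TEXT, SAMPLE_ENTITIES, true),
    nameAccepted: validateEntityName("l."),
  };
}
```

With the unescaped regex every `&lt;` is swallowed by `/&l.;/g`; with escaping the same input decodes normally and the name check rejects `l.` outright.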

Copilot AI changed the title [WIP] Fix entity encoding bypass in fast-xml-parser fix: update fast-xml-parser 4.4.1 → 4.5.4 (CVE-2026-25896) Apr 2, 2026
Copilot AI requested a review from adrienpessu April 2, 2026 13:30
adrienpessu marked this pull request as ready for review April 2, 2026 13:33
adrienpessu merged commit b6938e1 into main Apr 2, 2026
4 checks passed
adrienpessu deleted the copilot/fix-dependabot-vulnerability branch April 2, 2026 13:33