ultimate-sitemap-parser@1.3.1

A performant library for parsing and crawling sitemaps

  • latest version

    1.8.1

  • first published

    7 years ago

  • latest version published

    18 days ago

  • Direct Vulnerabilities

    Known vulnerabilities in the ultimate-sitemap-parser package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • High severity: Denial of Service (DoS)

    ultimate-sitemap-parser is a performant library for parsing and crawling sitemaps.

    Affected versions of this package are vulnerable to Denial of Service (DoS) through the gunzip process. An attacker can exhaust system memory or crash the application by serving a specially crafted gzip-compressed sitemap file that, when decompressed, expands far beyond the intended size limit.

    How to fix Denial of Service (DoS)?

    Upgrade ultimate-sitemap-parser to version 1.8.1 or higher.

    Vulnerable versions: [,1.8.1)
    • High severity: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

    ultimate-sitemap-parser is a performant library for parsing and crawling sitemaps.

    Affected versions of this package are vulnerable to Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') through the sitemap_tree_for_homepage and sitemap_from_str functions when parsing attacker-controlled XML content without restrictions on DTD declarations or recursive entity references. An attacker can cause unbounded CPU and memory consumption by supplying a malicious XML payload with deeply nested entity expansions.

    How to fix Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')?

    Upgrade ultimate-sitemap-parser to version 1.8.1 or higher.

    Vulnerable versions: [,1.8.1)
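Both advisories above describe input-driven resource exhaustion in sitemap handling: a gzip body that inflates far past any sane size, and XML whose DTD declares nested entities. The Python below is an added illustration of the two corresponding guards, not code from ultimate-sitemap-parser; the 50 MiB cap, the UnsafeSitemap exception and the sample documents are assumptions constructed for it.

```python
import gzip
import re
import zlib
import xml.etree.ElementTree as ET

# Hypothetical cap; the page does not state the library's own threshold.
MAX_DECOMPRESSED_BYTES = 50 * 1024 * 1024  # sitemaps.org limit for an uncompressed sitemap
SITEMAP_NS = "{http://www.sitemaps.org/schemas/sitemap/0.9}"
_DTD_MARKER = re.compile(rb"<!(DOCTYPE|ENTITY)\b")

class UnsafeSitemap(ValueError):
    """Raised when a sitemap breaks a resource limit or declares a DTD."""

def gunzip_bounded(data: bytes, limit: int = MAX_DECOMPRESSED_BYTES) -> bytes:
    """Inflate a gzip body without ever holding more than `limit` output bytes.
    zlib stops at max_length; leftover input in unconsumed_tail means the
    stream would have expanded further, so it is rejected rather than inflated."""
    inflater = zlib.decompressobj(wbits=zlib.MAX_WBITS | 16)  # +16: gzip framing
    out = inflater.decompress(data, limit + 1)
    if len(out) > limit or inflater.unconsumed_tail:
        raise UnsafeSitemap(f"decompressed size exceeds {limit} bytes")
    if not inflater.eof:
        raise UnsafeSitemap("truncated gzip stream")
    return out

def parse_sitemap_urls(xml_bytes: bytes) -> list[str]:
    """Return every <loc> value, refusing any document that carries a DTD.
    Sitemaps never need a DOCTYPE and entity declarations only live inside one,
    so rejecting the marker up front blocks nested and external entities alike;
    the scan fails closed even when the marker sits inside a comment."""
    if _DTD_MARKER.search(xml_bytes):
        raise UnsafeSitemap("DTD declarations are not allowed in sitemaps")
    root = ET.fromstring(xml_bytes)
    return [loc.text.strip() for loc in root.iter(SITEMAP_NS + "loc") if loc.text]

def load_gzipped_sitemap(body: bytes, limit: int = MAX_DECOMPRESSED_BYTES) -> list[str]:
    """Apply both guards in fetch order: bound the inflation, then parse."""
    return parse_sitemap_urls(gunzip_bounded(body, limit))

# Constructed samples (not taken from the advisory).
BENIGN_SITEMAP = gzip.compress(
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b'<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">'
    b"<url><loc>https://example.com/</loc></url>"
    b"<url><loc>https://example.com/about</loc></url></urlset>"
)
GZIP_BOMB = gzip.compress(b"\0" * (8 * 1024 * 1024))  # a few KiB that inflate to 8 MiB
DTD_SITEMAP = (b'<?xml version="1.0"?><!DOCTYPE urlset [<!ENTITY a "aaaa">'
               b'<!ENTITY b "&a;&a;&a;&a;">]><urlset><url><loc>&b;</loc></url></urlset>')
```

Because the size check runs on the decompressor's output counter rather than on the gzip header's ISIZE field, a forged trailer cannot bypass it.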