PT-2023-33020 · Npm · Fast-Xml-Parser

Published: 2023-06-15 · Updated: 2023-06-15

Severity: None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: fast-xml-parser (affected versions not specified)

Description: The issue concerns how fast-xml-parser validates entity names. The current approach looks for the presence of specific invalid characters, which is risky because such a denylist may not cover every character that is invalid in a name. A safer method is to validate entity names against the XML specification, which defines a Name as a NameStartChar followed by zero or more NameChar; NameStartChar and NameChar are each defined by specific Unicode character ranges. To improve validation, a regular expression can be built from this definition and used to check whether a given name matches it.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
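The allowlist approach described above, as an added example that is not fast-xml-parser's own code: the regular expression is built directly from the XML 1.0 Name production, and a constructed denylist check (assumed here to illustrate the pattern the advisory criticises, not the project's actual check) shows which names slip past it. The function names isXmlName, passesDenylist and denylistFalsePositives are assumptions.

```javascript
// Added example: validating XML entity names against the XML 1.0 Name
// production instead of a denylist of "bad" characters. Not fast-xml-parser's
// own code; the function names and the denylist below are constructed here.

// Character ranges taken from the XML 1.0 grammar, section 2.3:
//   Name          ::= NameStartChar (NameChar)*
//   NameStartChar ::= ":" | [A-Z] | "_" | [a-z] | [#xC0-#xD6] | ...
//   NameChar      ::= NameStartChar | "-" | "." | [0-9] | #xB7 | ...
const NAME_START_CHAR =
  ':A-Z_a-z\\u00C0-\\u00D6\\u00D8-\\u00F6\\u00F8-\\u02FF\\u0370-\\u037D' +
  '\\u037F-\\u1FFF\\u200C-\\u200D\\u2070-\\u218F\\u2C00-\\u2FEF' +
  '\\u3001-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFFD\\u{10000}-\\u{EFFFF}';
const NAME_CHAR =
  NAME_START_CHAR + '\\-.0-9\\u00B7\\u0300-\\u036F\\u203F-\\u2040';

// The "u" flag makes the astral range (#x10000-#xEFFFF) match whole code
// points rather than UTF-16 surrogate halves.
const XML_NAME_RE = new RegExp(`^[${NAME_START_CHAR}][${NAME_CHAR}]*$`, 'u');

// Allowlist check: true only if the entire string is a valid XML Name.
function isXmlName(name) {
  return typeof name === 'string' && XML_NAME_RE.test(name);
}

// Constructed stand-in for the denylist pattern the advisory warns about:
// reject a handful of known-bad characters and accept everything else.
// This is NOT the project's actual check.
const DENYLIST_RE = /[\s&;<>"'%]/;
function passesDenylist(name) {
  return typeof name === 'string' && name.length > 0 && !DENYLIST_RE.test(name);
}

// Names the denylist accepts even though they are not XML Names: exactly the
// gap a spec-based check closes.
function denylistFalsePositives(names) {
  return names.filter((n) => passesDenylist(n) && !isXmlName(n));
}

// Constructed sample entity names for a quick self-check.
const SAMPLE_NAMES = [
  'lt', 'my-entity.1', '\u00E9t\u00E9', // valid Names
  '1abc', '-x', 'a\u0000b', 'x|y',      // pass the denylist, fail the spec
];
console.log(denylistFalsePositives(SAMPLE_NAMES));
```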

Related Identifiers

GHSA-GPV5-7X3G-GHJV

Affected Products

Fast-Xml-Parser