PT-2025-30607 · Unknown · Fastapi Guard

Dhki · Published 2025-07-23 · Updated 2025-07-24

CVE-2025-54365
CVSS v4.0: 8.8 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: fastapi-guard version 3.0.1
Description: The regular-expression patch intended to mitigate a ReDoS vulnerability did not adequately limit input string length. In particular, the patched patterns do not account for a <script> tag whose attribute section exceeds 100 characters: such a tag falls outside the bounded expression, so the input is never matched and the patterns are bypassed. An attacker can therefore get payloads past the filter it was meant to block, potentially leading to attacks such as Cross-Site Scripting (XSS) and SQL Injection.
Recommendations: fastapi-guard version 3.0.1: upgrade to version 3.0.2 to address the issue.
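The bypass described above, as an added worked example (this is illustrative code written for this page, not fastapi-guard's own source). The bounded regex is an assumed stand-in for a ReDoS mitigation that caps the attribute section of a <script> tag at 100 characters; the hardened variant and the MAX_SCAN_LENGTH cap are my suggestions, not a description of the 3.0.2 fix. The payloads are constructed inline.

```python
import re

# Assumed illustrative pattern, NOT fastapi-guard's actual regex: it stands in
# for a ReDoS mitigation that bounds the attribute section of <script ...> to
# at most 100 characters so the engine cannot backtrack over unbounded input.
BOUNDED_SCRIPT_TAG = re.compile(r"<script[^>]{0,100}>", re.IGNORECASE)

# Suggested hardened form (an assumption, not necessarily what 3.0.2 does):
# match only the opening of the tag, so padding after "script" can never push
# the tag outside the pattern, and cap the input length *before* scanning so
# the regex engine never sees an attacker-chosen amount of text.
HARDENED_SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)
MAX_SCAN_LENGTH = 64 * 1024  # assumed cap; size it to your real request bodies


def bounded_detects(payload: str) -> bool:
    """The bypassable check: a tag whose attributes exceed 100 chars is missed."""
    return BOUNDED_SCRIPT_TAG.search(payload) is not None


def hardened_detects(payload: str) -> bool:
    """Reject over-long input outright, then look for the tag opener only."""
    if len(payload) > MAX_SCAN_LENGTH:
        # Treat oversized input as suspicious instead of scanning it; this is
        # where the length limit belongs, not inside the pattern's quantifier.
        return True
    return HARDENED_SCRIPT_TAG.search(payload) is not None


def bypass_payload(padding: int = 120) -> str:
    """Constructed XSS payload with a `padding`-character attribute section."""
    attrs = "data-x=" + "a" * padding  # > 100 chars between "<script" and ">"
    return f"<script {attrs}>alert(1)</script>"


if __name__ == "__main__":
    short = "<script>alert(1)</script>"
    padded = bypass_payload()
    print("short payload   bounded:", bounded_detects(short),
          " hardened:", hardened_detects(short))
    print("padded payload  bounded:", bounded_detects(padded),
          " hardened:", hardened_detects(padded))
```

The point to take from the example is that bounding a quantifier changes what the pattern matches, not how much input reaches the engine: anything longer than the bound simply stops matching. Length limits belong on the input, and detection patterns should key on the shortest unambiguous token (the tag opener) rather than on a complete tag whose length the attacker controls.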

Related Identifiers

CVE-2025-54365
GHSA-RRF6-PXG8-684G

Affected Products

Fastapi Guard