BlackDuck Vulnerability: fast-xml-parser DoS issue (Transitive Dependency)

[deepikaSingh2711]

BlackDuck scan has reported a vulnerability in fast-xml-parser, which is included as a transitive dependency in the cds-feature component.

The vulnerability exists in the XMLBuilder component when the preserveOrder option is set to true. Improper input validation may allow specially crafted XML input to cause deep recursion, leading to a stack overflow and potential Denial-of-Service (DoS).

Since the dependency is transitive, the issue needs to be resolved by updating dependency version.

https://sap.blackducksoftware.com/api/projects/d9c85527-97c0-4758-947e-6eaa349d2ca1/versions/f9685608-cf5d-4af6-9885-4592f60a596a/components?filter=bomInclusion%3Afalse&filter=bomMatchInclusion%3Afalse&filter=bomMatchReviewStatus%3Areviewed&filter=securityRisk%3AMEDIUM&limit=100&offset=0

another issue related to this only

https://sap.blackducksoftware.com/api/projects/d9c85527-97c0-4758-947e-6eaa349d2ca1/versions/f9685608-cf5d-4af6-9885-4592f60a596a/vulnerabilities?filter=bomComponents%3AaHR0cHM6Ly9zYXAuYmxhY2tkdWNrc29mdHdhcmUuY29tL2FwaS9jb21wb25lbnRzL2UzZTE4ZTViLThkZGMtNGRkNC04YTFhLWMyMDkxODJkYzc4Ny92ZXJzaW9ucy84YjI0NmNjNy0zNTNkLTRiZTgtYjFhMi0wMzI1MjhkOTVlZGE%3D&limit=100&offset=0

[github-actions]

👋 Hello @deepikaSingh2711, thank you for submitting this issue. Our team is reviewing your report and will follow up with you as soon as possible.

[Schmarvinius]

Closing this issue since it is about cap-js/attachments not com.sap.cds/cds-feature-attachments