[fast-xml-parser] fast-xml-parser has stack overflow in XMLBuilder with preserveOrder

**[fast-xml-parser] fast-xml-parser has stack overflow in XMLBuilder with preserveOrder**

Impact Application crashes with stack overflow when user use XML builder with prserveOrder:true for following or similar input [{ 'foo': [ { 'bar': [{ '@_V': 'baz' }] } ] }] Cause: arrToStr was not validating if the input is an array or a string and treating all non-array values as text content. What kind of vulnerability is it. Patches Yes in 5.3.8 Workarounds Use XML builder with preserveOrder:false or check the input data before passing to builder. References Are there any links users can visit to find out more. References https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-fj3w-jwp8-x2g3 https://nvd.nist.gov/vuln/detail/CVE-2026-27942 https://github.com/NaturalIntelligence/fast-xml-parser/pull/791 https://github.com/NaturalIntelligence/fast-xml-parser/commit/c13a961910f14986295dd28484eee830fa1a0e8a https://github.com/advisories/GHSA-fj3w-jwp8-x2g3

---

**[devsupporter 해설]**

이 기사는 GitHub Security Advisories에서 제공하는 최신 개발 동향입니다. 관련 도구나 기술에 대해 더 알아보시려면 원본 링크를 참고하세요.