1. fast-xml-parser XML Injection Flaw Penetrates Firebase Admin Through Transitive Dependency Chain
A medium-severity XML injection vulnerability in `fast-xml-parser` versions below 5.7.0 has been identified as reachable through a transitive dependency chain affecting `firebase-admin` deployments. The flaw, cataloged as GHSA-gh4j-gqv2-49f6 with a CVSS score of 6.1, allows attackers to inject malformed XML structures ...