sitemap is vulnerable to Uncontrolled Resource Consumption
25
Low Risk
Affected versions of this package are vulnerable to Resource Exhaustion because input constraints are not adequately enforced. These constraints include limits on the number of URLs per sitemap and on images and videos per entry, string length restrictions, URL validation that allows only http/https protocols with up to 2048 characters, and capped custom namespace validation. An attacker could exploit this vulnerability by submitting a malicious sitemap that exceeds these limits, such as flooding the system with excessive URLs to cause a denial-of-service attack, bypassing URL checks to inject harmful links, or exploiting string or namespace limits to trigger buffer overflows or XML injection, potentially compromising application stability and security.
You are affected if you are using a version that falls within the vulnerable range.
sitemap is vulnerable to Uncontrolled Resource Consumption in versions 7.0.0 - 8.0.2.
Upgrade the sitemap library to the patched version.
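Where untrusted input feeds sitemap generation, the same constraints can also be enforced on the caller's side before entries reach the library. The guard below is an added example, not code from the sitemap package or from this advisory; the entry shape and every limit other than the http/https rule and the 2048-character URL cap are assumptions.

```javascript
// Added example: a caller-side guard, not the sitemap package's own code.
// Only the http/https rule and the 2048-character URL cap come from the
// advisory; every other limit is an assumed value to tune per application.
const LIMITS = {
  urlLength: 2048, // from the advisory
  urlsPerSitemap: 50000, // assumption (sitemaps.org protocol limit)
  imagesPerEntry: 1000, // assumption
  videosPerEntry: 100, // assumption
};

function checkUrl(value, field, errors) {
  if (typeof value !== 'string' || value.length > LIMITS.urlLength) {
    errors.push(`${field}: missing or longer than ${LIMITS.urlLength} characters`);
    return;
  }
  let protocol;
  try {
    protocol = new URL(value).protocol;
  } catch {
    errors.push(`${field}: not an absolute URL`);
    return;
  }
  if (protocol !== 'http:' && protocol !== 'https:') errors.push(`${field}: protocol ${protocol} is not http/https`);
}

// Assumed entry shape: { url, img: [{ url }], video: [{ ... }] }.
function validateEntries(entries) {
  if (!Array.isArray(entries)) return ['entries: not an array'];
  if (entries.length > LIMITS.urlsPerSitemap) { // reject before walking the list
    return [`entries: ${entries.length} exceeds ${LIMITS.urlsPerSitemap}`];
  }
  const errors = [];
  const caps = [['img', LIMITS.imagesPerEntry], ['video', LIMITS.videosPerEntry]];
  entries.forEach((entry, i) => {
    const at = `entries[${i}]`;
    if (entry === null || typeof entry !== 'object') return errors.push(`${at}: not an object`);
    checkUrl(entry.url, `${at}.url`, errors);
    for (const [key, max] of caps) {
      const items = Array.isArray(entry[key]) ? entry[key] : [];
      if (items.length > max) {
        errors.push(`${at}.${key}: ${items.length} items exceeds ${max}`);
        continue; // do not walk an oversized list
      }
      if (key === 'img') items.forEach((m, j) => checkUrl(m && m.url, `${at}.img[${j}].url`, errors));
    }
  });
  return errors;
}
```

An empty array from `validateEntries` means the batch passed every check; anything else should be rejected rather than trimmed and passed on.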