GoogleOSV:GHSA-7GF7-JV65-WJMHxml-rs vulnerable to denial of service via invalid token in XML document
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
45.3%
The xml-rs crate >= 0.8.9 and < 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document.
References
github.com/00xc/xml-rs/commit/0f084d45aa53e4a27476961785f59f2bd7d59a9f
github.com/netvl/xml-rs
github.com/netvl/xml-rs/commit/014d808be900c85a0afc5ccdfe668be040d175aa
github.com/netvl/xml-rs/commit/c09549a187e62d39d40467f129e64abf32efc35c
github.com/netvl/xml-rs/compare/0.8.13...0.8.14
github.com/netvl/xml-rs/pull/226
nvd.nist.gov/vuln/detail/CVE-2023-34411
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
45.3%