GHSA-c3x7-354f-4p2x
Suggest an improvement- Source
- https://github.com/advisories/GHSA-c3x7-354f-4p2x
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-c3x7-354f-4p2x/GHSA-c3x7-354f-4p2x.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-c3x7-354f-4p2x
- Aliases
- Published
- 2023-08-09T13:17:53Z
- Modified
- 2023-11-08T04:13:27.989358Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- lol-html panics on certain HTML inputs
- Details
-
Impact
lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected.
Patches
The problem has been patched and released as v1.1.1
Workarounds
No workarounds exist.
- Database specific
{ "nvd_published_at": "2023-08-16T11:15:11Z", "cwe_ids": [ "CWE-20" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-08-09T13:17:53Z" }- References
Affected packages
crates.io / lol-html
Package
- Name
- lol-html
- View open source insights on deps.dev
- Purl
- pkg:cargo/lol-html