RUSTSEC-2022-0048

Source
https://rustsec.org/advisories/RUSTSEC-2022-0048
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2022-0048.json
Withdrawn
2023-05-04T12:00:00Z
Published
2022-01-26T12:00:00Z
Modified
2023-05-05T07:39:54Z
Details

xml-rs is an XML parser that has open issues around parsing, including integer overflows and panics, that may or may not be an issue with untrusted data.

Given these open issues and its unmaintained status, xml-rs may or may not be suited to parsing untrusted data.

Alternatives

References

Affected packages

crates.io / xml-rs

Package

Name
xml-rs

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0

Ecosystem specific

{
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": null,
    "informational": "unmaintained",
    "categories": []
}