Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1jM3g3LTM1NGYtNHAyeM4AA1LR
lol-html panics on certain HTML inputs
Impact
lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected.
Patches
The problem has been patched, and the fix is released as v1.1.1.
Workarounds
No workarounds exist.
Permalink: https://github.com/advisories/GHSA-c3x7-354f-4p2x
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jM3g3LTM1NGYtNHAyeM4AA1LR
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-c3x7-354f-4p2x, CVE-2023-4241
References:
- https://github.com/cloudflare/lol-html/security/advisories/GHSA-c3x7-354f-4p2x
- https://nvd.nist.gov/vuln/detail/CVE-2023-4241
- https://github.com/advisories/GHSA-c3x7-354f-4p2x
Blast Radius: 1.0
Affected Packages
cargo:lol-html
Affected Version Ranges: < 1.1.1
Fixed in: 1.1.1