CVE-2021-38193

Опубликовано: 08 авг. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870.

Ссылки

https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/ammonia/RUSTSEC-2021-0074.md
Third Party Advisory
https://rustsec.org/advisories/RUSTSEC-2021-0074.html
Exploit
Issue Tracking
Patch
Third Party Advisory
https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/ammonia/RUSTSEC-2021-0074.md
Third Party Advisory
https://rustsec.org/advisories/RUSTSEC-2021-0074.html
Exploit
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ammonia_project:ammonia:*:*:*:*:*:rust:*:*

Версия до 3.1.0 (исключая)

EPSS

Процентиль: 42%

0.00201

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-38193

CVSS3: 6.1

ubuntu

больше 4 лет назад

An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870.

CVE-2021-38193

CVSS3: 6.1

debian

больше 4 лет назад

An issue was discovered in the ammonia crate before 3.1.0 for Rust. XS ...

GHSA-5325-xw5m-phm3

CVSS3: 6.1

github

больше 4 лет назад

Cross-site Scripting in ammonia

EPSS

Процентиль: 42%

0.00201

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79