Описание
The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document. The earliest affected version is 0.8.9.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/noble | needs-triage | |
| focal | ignored | end of standard support, was needs-triage |
| jammy | needs-triage | |
| kinetic | ignored | end of life, was needs-triage |
| lunar | ignored | end of life, was needs-triage |
| mantic | ignored | end of life, was needs-triage |
Показывать по
10
Ссылки на источники
EPSS
Процентиль: 27%
0.00096
Низкий
7.5 High
CVSS3
Связанные уязвимости
CVSS3: 7.5
nvd
больше 2 лет назад
The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document. The earliest affected version is 0.8.9.
CVSS3: 7.5
debian
больше 2 лет назад
The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of se ...
CVSS3: 7.5
github
больше 2 лет назад
xml-rs vulnerable to denial of service via invalid token in XML document
EPSS
Процентиль: 27%
0.00096
Низкий
7.5 High
CVSS3