VYPR
High severityNVD Advisory· Published Jun 5, 2023· Updated Jan 8, 2025

CVE-2023-34411

CVE-2023-34411

Description

The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document. The earliest affected version is 0.8.9.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
xml-rscrates.io
>= 0.8.9, < 0.8.140.8.14

Affected products

2

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.