crates.io package
xml-rs
pkg:cargo/xml-rs
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-34411 | — | >= 0.8.9, < 0.8.14 | 0.8.14 | Jun 5, 2023 | The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document. The earliest affected version is 0.8.9. |
- CVE-2023-34411Jun 5, 2023affected >= 0.8.9, < 0.8.14fixed 0.8.14
The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document. The earliest affected version is 0.8.9.