Headline
CVE-2023-34411: Avoid panic when displaying unexpected token error · netvl/xml-rs@c09549a
The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid `<!` token (such as `<!DOCTYPEs/%<!A` nesting) in an XML document.
Commit
Avoid panic when displaying unexpected token error
Avoid entering unreachable!() when displaying an error message for an invalid `<!` token. This fixes a panic when processing a malformed XML which contains such a token in an unexpected place, like the following:
`<!DOCTYPEs/%<!A`
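The failure mode the commit message describes, reduced to a minimal Rust model. This is an added example, not xml-rs source: the `Token` variants, `Fragile`, `Total`, `unexpected` and `fragile_panics` are hypothetical names. It shows a `Display` impl whose catch-all arm is `unreachable!()` panicking while an error message is built, next to an exhaustive match that returns an ordinary error.

```rust
use std::fmt;

// Simplified, hypothetical token set; not the xml-rs lexer's actual enum.
#[allow(dead_code)]
#[derive(Clone, Copy)]
enum Token {
    OpeningTagStart,        // "<"
    TagEnd,                 // ">"
    MarkupDeclarationStart, // "<!"
}

// "Before" shape: the catch-all assumes some tokens are never displayed.
struct Fragile(Token);
impl fmt::Display for Fragile {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str(match self.0 {
            Token::OpeningTagStart => "<",
            Token::TagEnd => ">",
            _ => unreachable!(), // reached when "<!" lands in an error path
        })
    }
}

// "After" shape: exhaustive match, so a missing variant fails to compile.
struct Total(Token);
impl fmt::Display for Total {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str(match self.0 {
            Token::OpeningTagStart => "<",
            Token::TagEnd => ">",
            Token::MarkupDeclarationStart => "<!",
        })
    }
}

// Builds the parser-style error for a token that appeared out of place.
fn unexpected<D: fmt::Display>(tok: D) -> Result<(), String> {
    Err(format!("Unexpected token: {}", tok))
}

// True when formatting the error panics instead of returning Err.
fn fragile_panics(t: Token) -> bool {
    std::panic::catch_unwind(move || unexpected(Fragile(t))).is_err()
}

fn main() {
    println!("fragile panics: {}", fragile_panics(Token::MarkupDeclarationStart));
    println!("total: {:?}", unexpected(Total(Token::MarkupDeclarationStart)));
}
```

For services that parse untrusted XML, the practical difference is that the second form yields an `Err` the caller can handle, while the first unwinds the parsing thread (or aborts the process under `panic = "abort"`).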
Related news
GHSA-7gf7-jv65-wjmh: xml-rs vulnerable to denial of service via invalid token in XML document