Headline
GHSA-7gf7-jv65-wjmh: xml-rs vulnerable to denial of service via invalid token in XML document
The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document.
xml-rs vulnerable to denial of service via invalid token in XML document
Moderate severity GitHub Reviewed Published Jun 5, 2023 to the GitHub Advisory Database • Updated Jun 6, 2023
Related news
CVE-2023-34411: Avoid panic when displaying unexpected token error · netvl/xml-rs@c09549a
The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document.