lol-html panics on certain HTML inputs

High

inikulin published GHSA-c3x7-354f-4p2x

Aug 8, 2023

Package

lol-html (Rust)

Affected versions

< 1.1.1

Patched versions

1.1.1

Description

Impact

lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected.

Patches

The problem has been patched and released as v1.1.1

Workarounds

No workarounds exist.

Severity

High

7.5

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H