CVE-2023-4241 - Vulnerability Details - OpenCVE

lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00186.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Cloudflare	Lol-html

Configuration 1 [-]

cpe:2.3:a:cloudflare:lol-html:*:*:*:*:*:rust:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-2267	lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected.
Github GHSA	GHSA-c3x7-354f-4p2x	lol-html panics on certain HTML inputs

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/cloudflare/lol-html/security/advisories/GHSA-c3x7-354f-4p2x

History

Wed, 02 Oct 2024 17:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:cloudflare:lol-html::::::::
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cloudflare

Published: 2023-08-16T10:13:12.564Z

Updated: 2024-10-02T16:12:50.008Z

Reserved: 2023-08-08T15:06:18.780Z

Link: CVE-2023-4241

Vulnrichment

Updated: 2024-08-02T07:24:03.613Z

NVD

Status : Modified

Published: 2023-08-16T11:15:11.377

Modified: 2024-11-21T08:34:41.727

Link: CVE-2023-4241

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4241", "assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "state": "PUBLISHED", "assignerShortName": "cloudflare", "dateReserved": "2023-08-08T15:06:18.780Z", "datePublished": "2023-08-16T10:13:12.564Z", "dateUpdated": "2024-10-02T16:12:50.008Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "lol-html", "vendor": "Cloudflare", "versions": [{"changes": [{"at": "1.1.1", "status": "unaffected"}], "lessThan": "1.1.1", "status": "affected", "version": "0", "versionType": "patch"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected.<br><br>"}], "value": "lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected.\n\n"}], "impacts": [{"capecId": "CAPEC-130", "descriptions": [{"lang": "en", "value": "CAPEC-130 Excessive Allocation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "shortName": "cloudflare", "dateUpdated": "2023-08-16T10:13:12.564Z"}, "references": [{"url": "https://github.com/cloudflare/lol-html/security/advisories/GHSA-c3x7-354f-4p2x"}], "source": {"discovery": "INTERNAL"}, "title": "lol-html panics on certain HTML inputs", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:24:03.613Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/cloudflare/lol-html/security/advisories/GHSA-c3x7-354f-4p2x", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "cloudflare", "product": "lol-html", "cpes": ["cpe:2.3:a:cloudflare:lol-html:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.1.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-02T16:11:18.728012Z", "id": "CVE-2023-4241", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T16:12:50.008Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/cloudflare/lol-html/security/advisories/GHSA-c3x7-354f-4p2x", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:24:03.613Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4241", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-02T16:11:18.728012Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:cloudflare:lol-html:*:*:*:*:*:*:*:*"], "vendor": "cloudflare", "product": "lol-html", "versions": [{"status": "affected", "version": "0", "lessThan": "1.1.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T16:12:41.897Z"}}], "cna": {"title": "lol-html panics on certain HTML inputs", "source": {"discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-130", "descriptions": [{"lang": "en", "value": "CAPEC-130 Excessive Allocation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Cloudflare", "product": "lol-html", "versions": [{"status": "affected", "changes": [{"at": "1.1.1", "status": "unaffected"}], "version": "0", "lessThan": "1.1.1", "versionType": "patch"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/cloudflare/lol-html/security/advisories/GHSA-c3x7-354f-4p2x"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected.\n\n", "supportingMedia": [{"type": "text/html", "value": "lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected.<br><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "shortName": "cloudflare", "dateUpdated": "2023-08-16T10:13:12.564Z"}}}, "cveMetadata": {"cveId": "CVE-2023-4241", "state": "PUBLISHED", "dateUpdated": "2024-10-02T16:12:50.008Z", "dateReserved": "2023-08-08T15:06:18.780Z", "assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "datePublished": "2023-08-16T10:13:12.564Z", "assignerShortName": "cloudflare"}, "dataVersion": "5.1"}