CVE-2023-4241 - OpenCVE

lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cloudflare	Lol-html

Configuration 1 [-]

cpe:2.3:a:cloudflare:lol-html:*:*:*:*:*:rust:*:*

No data.

References

Link	Providers
https://github.com/cloudflare/lol-html/security/advisories/GHSA-c3x7-354f-4p2x

History

No history.

MITRE

Status: PUBLISHED

Assigner: cloudflare

Published: 2023-08-16T10:13:12.564Z

Updated: 2024-08-02T07:24:03.613Z

Reserved: 2023-08-08T15:06:18.780Z

Link: CVE-2023-4241

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-08-16T11:15:11.377

Modified: 2023-08-22T16:49:18.577

Link: CVE-2023-4241

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4241", "assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "state": "PUBLISHED", "assignerShortName": "cloudflare", "dateReserved": "2023-08-08T15:06:18.780Z", "datePublished": "2023-08-16T10:13:12.564Z", "dateUpdated": "2024-08-02T07:24:03.613Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "lol-html", "vendor": "Cloudflare", "versions": [{"changes": [{"at": "1.1.1", "status": "unaffected"}], "lessThan": "1.1.1", "status": "affected", "version": "0", "versionType": "patch"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected.<br><br>"}], "value": "lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected.\n\n"}], "impacts": [{"capecId": "CAPEC-130", "descriptions": [{"lang": "en", "value": "CAPEC-130 Excessive Allocation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "shortName": "cloudflare", "dateUpdated": "2023-08-16T10:13:12.564Z"}, "references": [{"url": "https://github.com/cloudflare/lol-html/security/advisories/GHSA-c3x7-354f-4p2x"}], "source": {"discovery": "INTERNAL"}, "title": "lol-html panics on certain HTML inputs", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:24:03.613Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/cloudflare/lol-html/security/advisories/GHSA-c3x7-354f-4p2x", "tags": ["x_transferred"]}]}]}}