Vulnerability DatabaseWS-2022-0033
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
WS-2022-0033
November 03, 2024
The crate Ammonia has a format injection due to an incorrect mapping from HTML specification to ASCII codes was used. Applications are not affected if they quote their attributes, or if they don't use clean_text at all. Fixed in 3.1.3. Versions before 3.0.0 are unaffected.
Related ResourcesĀ (4)
https://crates.io/crates/ammonia
https://github.com/rust-ammonia/ammonia/commit/b2b4346a2f16f34bc3d5c6e4f202e3471464fee2
https://rustsec.org/advisories/RUSTSEC-2022-0003.html
https://github.com/rust-ammonia/ammonia/pull/147
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW