PT-2023-24862 · Xml-Rs · Xml-Rs

00Xc

Publicado

2023-06-05

Atualizado

2025-01-08

CVE-2023-34411

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions xml-rs versions 0.8.9 through 0.8.13

Description The issue allows for a denial of service (panic) via an invalid <! token, such as <!DOCTYPEs/%<!A nesting, in an XML document.

Recommendations For xml-rs versions 0.8.9 through 0.8.13, update to version 0.8.14 or later to resolve the issue.

Exploit

Correção

XXE

Assertion Failure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

CVE-2023-34411

GHSA-7GF7-JV65-WJMH

Xml-Rs