CVE-2021-38193: Cross-site Scripting in ammonia

August 25, 2021

An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870.

References

github.com/advisories/GHSA-5325-xw5m-phm3
github.com/rust-ammonia/ammonia
github.com/rust-ammonia/ammonia/pull/142
nvd.nist.gov/vuln/detail/CVE-2021-38193
raw.githubusercontent.com/rustsec/advisory-db/main/crates/ammonia/RUSTSEC-2021-0074.md
rustsec.org/advisories/RUSTSEC-2021-0074.html

Code Behaviors & Features

Detect and mitigate CVE-2021-38193 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →