MidnightBSD

Advisories for xml_library_project

CVE-2023-34411

The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document. The earliest affected version is 0.8.9.

Products Affected

Vendor Product Version
xml_library_project xml_library *