mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-02-23 15:38:27 +01:00
26 lines
756 B
TOML
26 lines
756 B
TOML
[advisory]
|
|
id = "RUSTSEC-2019-0001"
|
|
package = "ammonia"
|
|
date = "2019-04-27"
|
|
title = "Uncontrolled recursion leads to abort in HTML serialization"
|
|
url = "https://github.com/rust-ammonia/ammonia/blob/master/CHANGELOG.md#210"
|
|
keywords = ["stack-overflow", "crash"]
|
|
description = """
|
|
Affected versions of this crate did use recursion for serialization of HTML
|
|
DOM trees.
|
|
|
|
This allows an attacker to cause abort due to stack overflow by providing
|
|
a pathologically nested input.
|
|
|
|
The flaw was corrected by serializing the DOM tree iteratively instead.
|
|
"""
|
|
aliases = ["CVE-2019-15542"]
|
|
|
|
[affected.functions]
|
|
"ammonia::clean" = ["< 2.1.0"]
|
|
"ammonia::Document::to_string" = ["< 2.1.0"]
|
|
"ammonia::Document::write_to" = ["< 2.1.0"]
|
|
|
|
[versions]
|
|
patched = [">= 2.1.0"]
|