Vulnerability Description
An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870.
CVSS Score
6.1
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ammonia Project | Ammonia | < 3.1.0 |
Related Weaknesses (CWE)
References
- https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/ammonia/RUSTSEThird Party Advisory
- https://rustsec.org/advisories/RUSTSEC-2021-0074.htmlExploitIssue TrackingPatch
- https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/ammonia/RUSTSEThird Party Advisory
- https://rustsec.org/advisories/RUSTSEC-2021-0074.htmlExploitIssue TrackingPatch
FAQ
What is CVE-2021-38193?
CVE-2021-38193 is a vulnerability with a CVSS score of 6.1 (MEDIUM). An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870.
How severe is CVE-2021-38193?
CVE-2021-38193 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-38193?
Check the references section above for vendor advisories and patch information. Affected products include: Ammonia Project Ammonia.