CVE-2023-34411 Information

Description

The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document.

Reference

https://github.com/netvl/xml-rs/commit/c09549a187e62d39d40467f129e64abf32efc35c https://github.com/netvl/xml-rs/pull/226 https://github.com/00xc/xml-rs/commit/0f084d45aa53e4a27476961785f59f2bd7d59a9f https://github.com/netvl/xml-rs/compare/0.8.13…0.8.14