Fluid Attacks Database

Description

Cross-site Scripting in ammonia An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	rust-ammonia	>=0 <3.1.2-1	3.1.2-1
debian 14	rust-ammonia	>=0 <3.1.2-1	3.1.2-1
debian 13	rust-ammonia	>=0 <3.1.2-1	3.1.2-1
cargo	ammonia	>=3.0.0 <3.1.0 \|\| >=0 <2.1.3	3.1.0, 2.1.3

Aliases

1. CVE-2021-381932. NVD-2021-381933. OSV-DEBIAN-2021-381934. OSV-2021-381935. GCVE-2021-381936. SECURITY-TRACKER-CVE-2021-38193

References

1. https://github.com/rust-ammonia/ammonia/pull/1422. https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/ammonia/RUSTSEC-2021-0074.md3. https://rustsec.org/advisories/RUSTSEC-2021-0074.html