lol-html panics on certain HTML inputs
CVE-2023-4241

7.5HIGH

Key Information:

Vendor: Cloudflare
Status: Lol-html
Vendor: CVE Published:; 16 August 2023

What is CVE-2023-4241?

The lol-html library from Cloudflare is susceptible to an input processing vulnerability that can lead to application panics when handling specific third-party HTML inputs. This issue affects any application that integrates the library to parse or manipulate arbitrary HTML content, potentially compromising the stability of the application. Developers should ensure they are using the latest version of the library to mitigate risks associated with this vulnerability.

Affected Version(s)

lol-html 0 < 1.1.1

References

https://github.com/cloudflare/lol-html/security/advisorie...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 16, 2023
Vulnerability Reserved
Aug 8, 2023