Main Vulnerability Database SB2023082454

SB2023082454 - XSS in Rust

Published: August 24, 2023 Updated: September 2, 2024

Security Bulletin ID SB2023082454

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Cross-site scripting (CVE-ID: CVE-2023-40030)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when downloading Rust project dependencies with Cargo. A remote attacker can execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Remediation

Install update from vendor's website.

References

https://github.com/rust-lang/cargo/security/advisories/GHSA-wrrj-h57r-vx9p
https://github.com/rust-lang/cargo/commit/9835622853f08be9a4b58ebe29dcec8f43b64b33
https://github.com/rust-lang/cargo/commit/f975722a0eac934c0722f111f107c4ea2f5c4365
https://github.com/rust-lang/cargo/pull/12291