CVE-2023-4241 HIGH

CVE-2023-4241: lol-html panics on certain HTML inputs

Vendor Cloudflare
Product lol-html
Weakness CWE-20 · Input validation
Published August 16, 2023
Last update October 2, 2024
View on NVD All CVEs

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected.

Key dates

02Disclosure timeline

August 16, 2023 CVE published
October 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-25879 ZDI-CAN-19389: Adobe Dimension OBJ File Improper Input Validation Remote Code Execution CVE-2026-44658 Zen Browser: RSS Live-Folder Item URLs Are Not Scheme-Restricted Before Trusted Tab Creation CVE-2022-31036 Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server CVE-2021-1466 Cisco SD-WAN vDaemon Buffer Overflow Vulnerability CVE-2022-29897 Remote Code Execution in all versions of various RAD-ISM-900-EN-* devices by PHOENIX CONTACT