CVE-2021-38193: Cross-site Scripting in ammonia

CVSS Score: 6.1 (CVSS version 3.1)

Basic Information

EPSS Score: 0.4254%
Published: 8/25/2021
Updated: 2/3/2023
KEV Status: No
Technology: Rust

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| ammonia | rust | >= 3.0.0, < 3.1.0 | 3.1.0 |
| ammonia | rust | < 2.1.3 | 2.1.3 |
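
To check a project against the affected ranges listed above, the following added example (not part of the original page or of ammonia itself) scans Cargo.lock text for locked ammonia versions. The function names and the sample lockfile are constructed for illustration, and pre-release suffixes are ignored as a simplifying assumption.

```rust
// Added example: flag locked ammonia versions affected by CVE-2021-38193.
// Ranges are the ones in this page's table: < 2.1.3, and >= 3.0.0, < 3.1.0.
// Parse "MAJOR.MINOR.PATCH"; a pre-release/build suffix is ignored (assumption).
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split(|c: char| c == '-' || c == '+').next()?;
    let mut parts = core.split('.').map(|p| p.parse::<u64>().ok());
    Some((parts.next()??, parts.next()??, parts.next()??))
}
fn is_vulnerable(v: (u64, u64, u64)) -> bool {
    v < (2, 1, 3) || (v >= (3, 0, 0) && v < (3, 1, 0))
}
// Extract the value from a `key = "value"` line of Cargo.lock.
fn field<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.strip_prefix(key)?.trim_start().strip_prefix('=')?;
    Some(rest.trim().trim_matches('"'))
}

// Return affected ammonia versions; unparseable ones are returned for manual review.
fn vulnerable_ammonia(lockfile: &str) -> Vec<String> {
    let mut hits = Vec::new();
    let mut in_ammonia = false;
    for line in lockfile.lines().map(str::trim) {
        if let Some(name) = field(line, "name") {
            in_ammonia = name == "ammonia";
        } else if let Some(ver) = field(line, "version") {
            if in_ammonia && parse_version(ver).map_or(true, is_vulnerable) {
                hits.push(ver.to_string());
            }
        }
    }
    hits
}

// Constructed sample lockfile, not taken from a real project.
const SAMPLE: &str = r#"
[[package]]
name = "ammonia"
version = "3.0.0"
[[package]]
name = "ammonia"
version = "3.1.0"
[[package]]
name = "html5ever"
version = "0.25.1"
"#;

fn main() {
    println!("affected ammonia versions: {:?}", vulnerable_ammonia(SAMPLE));
}
```

Any version it reports should be upgraded to the first patched version for its line, 3.1.0 or 2.1.3.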

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from improper namespace handling during DOM processing. The primary entry point, `ammonia::clean`, and the tag allowance mechanism, `Builder::add_tags`, work in conjunction: the cleaner did not properly validate namespace transitions when processing elements allowed via the builder. The GitHub fix introduced namespace validation checks during DOM construction, confirming that these checks were missing in the vulnerable versions. The combination of allowing RCDATA elements and lacking namespace validation in DOM processing created the XSS vector.

WAF Protection Rules

WAF Rule

An issue was discovered in the ammonia crate before *.*.* for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-****-*****.
