The vulnerability is that user-controlled data was written to logs without being sanitized for ANSI escape sequences. The logging macros in `tracing` produce `fmt::Arguments` for the message field, and the `Debug` implementation for `fmt::Arguments` does not escape control characters, unlike the `Debug` implementation for `str`. The formatters in `tracing-subscriber` used this `Debug` implementation directly on the message field, which led to the vulnerability.

Additionally, `std::error::Error` types were formatted into a string with their `Display` (`{}`) implementation, and that string was then logged without sanitization. An attacker who could control the string returned by an error's `Display` implementation could inject ANSI escape sequences.

The patch addresses this by introducing a new `Escape` wrapper, which is applied to values before they are formatted and written to the output. The `Display` and `Debug` implementations for `Escape` use a custom writer that sanitizes the string on the fly, removing or escaping any ANSI control characters. The patch applies this `Escape` wrapper in all the identified vulnerable functions within the `DefaultVisitor` and `PrettyVisitor` formatters, thus mitigating the ANSI injection vulnerability.
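
The two formatting paths described above, and a wrapper in the spirit of the patch, as an added example that is not tracing-subscriber's own code. `EscapingWriter`, the `\xNN` output form, the pass-through of newline and tab, and the sample input are assumptions made here.

```rust
use std::fmt::{self, Write};

/// Illustrative stand-in for the patch's `Escape` wrapper (not the crate's code).
pub struct Escape<T>(pub T);

/// Writer that rewrites control characters before they reach the real output.
struct EscapingWriter<'a, 'b>(&'a mut fmt::Formatter<'b>);

impl Write for EscapingWriter<'_, '_> {
    fn write_str(&mut self, s: &str) -> fmt::Result {
        for c in s.chars() {
            // Assumption: newline and tab pass through; every other C0/C1
            // control (ESC 0x1b included) is written as visible `\xNN` text.
            if c.is_control() && c != '\n' && c != '\t' {
                write!(self.0, "\\x{:02x}", c as u32)?;
            } else {
                self.0.write_char(c)?;
            }
        }
        Ok(())
    }
}

impl<T: fmt::Display> fmt::Display for Escape<T> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(EscapingWriter(f), "{}", self.0)
    }
}

impl<T: fmt::Debug> fmt::Debug for Escape<T> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(EscapingWriter(f), "{:?}", self.0)
    }
}

/// Debug on `fmt::Arguments`, as the formatters did: control bytes pass through.
pub fn message_unescaped(user: &str) -> String {
    format!("{:?}", format_args!("login failed for {}", user))
}

/// The same message field, wrapped in `Escape` before it is formatted.
pub fn message_escaped(user: &str) -> String {
    format!("{:?}", Escape(format_args!("login failed for {}", user)))
}

fn main() {
    let user = "eve\x1b[2Jadmin"; // constructed sample input
    println!("raw has ESC: {}", message_unescaped(user).contains('\x1b'));
    println!("escaped:     {}", message_escaped(user));
}
```

The `Display` impl is the path an error's `{}` output would take when the error value is wrapped before formatting.
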
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| tracing-subscriber | rust | < 0.3.20 | 0.3.20 |