Vulnerability Database

296,702

Total vulnerabilities in the database

Space bug in `clean_text`

An incorrect mapping from HTML specification to ASCII codes was used. Because HTML treats the Form Feed as whitespace, code like this has an injection bug:

let html = format!(&quot;&lt;div title={}&gt;&quot;, clean_text(user_supplied_string));

Applications are not affected if they quote their attributes, or if they don't use clean_text at all.

Published: Jun 16, 2022
Updated: Apr 14, 2023
GHSA: GHSA-p2g9-94wh-65c2
Severity: Medium
Exploit:

No technical information available.

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
ammonia	3.0.0	3.1.3

https://github.com/rust-ammonia/ammonia/commit/6c7bf22907a75d1bbaed52e4f7dd9716f5e6f737
https://github.com/rust-ammonia/ammonia/pull/147
https://rustsec.org/advisories/RUSTSEC-2022-0003.html

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo