CVE-2023-4241: 
Rust vulnerability analysis and mitigation

lol-html, a Rust library for HTML processing, was found to contain a vulnerability (CVE-2023-4241) that can cause panics when processing certain HTML inputs. The vulnerability was discovered and disclosed on August 8, 2023, affecting all versions of lol-html prior to version 1.1.1. This security issue impacts any system processing arbitrary third-party HTML with the library (GitHub Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. This scoring indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges or user interaction, and while it doesn't impact confidentiality or integrity, it can significantly affect system availability (GitHub Advisory, NVD).

The primary impact of this vulnerability is on system availability. When exploited, it can cause the application to panic when processing specially crafted HTML inputs, potentially leading to service disruption. The vulnerability specifically affects the availability of systems processing third-party HTML content (GitHub Advisory).

The vulnerability has been patched in version 1.1.1 of lol-html. Users are strongly advised to upgrade to this version or later as no other workarounds exist (GitHub Advisory).