Skip to content

JS injection with user supplied ids

Moderate
ealmloff published GHSA-34pj-292j-xr69 Jan 22, 2026

Package

cargo dioxus_components (Rust)

Affected versions

have not checked, `main` is affected

Patched versions

tag your stuff

Description

Summary

use_animated_open formats a string for eval with an id that can be user supplied.

Impact

Who is impacted? People (and language models)who silly things with ids.

Severity

Moderate

CVE ID

CVE-2026-24474

Weaknesses

No CWEs

Credits