CVE-2023-28626
- EPSS 0.34%
- Veröffentlicht 28.03.2023 21:15:11
- Zuletzt bearbeitet 21.11.2024 07:55:41
comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A range of quadratic parsing issues are present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. This ...
CVE-2023-28631
- EPSS 0.33%
- Veröffentlicht 28.03.2023 21:15:11
- Zuletzt bearbeitet 21.11.2024 07:55:42
comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with `parse_document`. This AST can then be converted to HTML via `html...
CVE-2021-38186
- EPSS 0.2%
- Veröffentlicht 08.08.2021 06:15:08
- Zuletzt bearbeitet 21.11.2024 06:16:35
An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via &# HTML entities.
CVE-2021-27671
- EPSS 0.22%
- Veröffentlicht 25.02.2021 01:15:13
- Zuletzt bearbeitet 21.11.2024 05:58:24
An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an attack.