Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Comrak Security Vulnerabilities

cve
cve

CVE-2023-28626

comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A range of quadratic parsing issues are present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. This issue has been addressed in version 0.17.0....

7.5CVSS

8.2AI Score

0.002EPSS

2023-03-28 09:15 PM
26
cve
cve

CVE-2023-28631

comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with parse_document. This AST can then be converted to HTML via html::format_document_with_plugins. However, the HTML...

9.8CVSS

9.1AI Score

0.003EPSS

2023-03-28 09:15 PM
33
cve
cve

CVE-2021-38186

An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via &# HTML...

6.1CVSS

5.8AI Score

0.001EPSS

2021-08-08 06:15 AM
84
9
cve
cve

CVE-2021-27671

An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an...

6.1CVSS

5.9AI Score

0.001EPSS

2021-02-25 01:15 AM
63
5