Lucene search
K

60 matches found

Cvelist
Cvelist
added 2023/03/28 8:17 p.m.46 views

CVE-2023-28631 Attacker controlled data in AST nodes is not validated in comrak

comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with parsedocument. This AST can then be converted to HTML via html::formatdocumentwithplugins. However, the HTML...

5.3CVSS9.5AI score0.01268EPSS
Exploits0References5
CVE
CVE
added 2023/03/28 8:17 p.m.58 views

CVE-2023-28631

CVE-2023-28631 affects the comrak Markdown parser/renderer (Rust). The issue arises when an AST is constructed manually and later formatted to HTML; the formatter assumes data is valid UTF-8, but some [u8] fields may not be, triggering bugs. Affected version is 0.17.0; remediation per sources is ...

9.8CVSS7.2AI score0.01268EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/28 8:14 p.m.6 views

CVE-2023-28626 Quadratic runtime when parsing Markdown in comrak

comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A range of quadratic parsing issues are present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. This issue has been addressed in version 0.17.0. Use...

5.3CVSS6.6AI score0.0112EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/03/28 8:14 p.m.41 views

CVE-2023-28626 Quadratic runtime when parsing Markdown in comrak

comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A range of quadratic parsing issues are present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. This issue has been addressed in version 0.17.0. Use...

5.3CVSS8.6AI score0.0112EPSS
Exploits0References5
OSV
OSV
added 2023/03/28 8:14 p.m.12 views

CVE-2023-28626 Quadratic runtime when parsing Markdown in comrak

comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A range of quadratic parsing issues are present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. This issue has been addressed in version 0.17.0. Use...

5.3CVSS7.4AI score0.0112EPSS
Exploits0References7
CVE
CVE
added 2023/03/28 8:14 p.m.57 views

CVE-2023-28626

CVE-2023-28626 affects the comrak crate (Rust) used for CommonMark/GFM parsing. Connected documents confirm the vulnerability is a set of quadratic parsing issues that can cause denial-of-service in services parsing Markdown, with remediation by upgrading to a newer comrak release (addressed in 0...

7.5CVSS6.1AI score0.0112EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2023/03/28 2:45 p.m.6 views

about-filter (>=0.1.0 <=0.1.1), askama (=0.12.0) +56 more potentially affected by CVE-2023-28631 via comrak (>=0.10.1 <=0.16.0)

comrak CARGO version =0.10.1, =0.1.0, =0.12.1, =1.0.0, =1.0.0, =0.1.0, =0.2.0, =0.2.1, =0.1.1, =0.1.0, =0.1.0, =0.5.5 and more Source cves: CVE-2023-28631 Source advisory: OSV:GHSA-5R3X-P7XX-X6Q5...

9.8CVSS7.2AI score0.01268EPSS
Exploits0
OSV
OSV
added 2023/03/28 2:45 p.m.18 views

GHSA-5R3X-P7XX-X6Q5 Comrak AST node data is not validated (GHSL-2023-049)

Impact A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with parsedocument. This AST can then be converted to HTML via html::formatdocumentwithplugins. However, the HTML formatting code assumes that the AST is well-formed. For example, many AST notes...

5.3CVSS7.2AI score0.01268EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2023/03/28 2:45 p.m.26 views

Comrak AST node data is not validated (GHSL-2023-049)

Impact A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with parsedocument. This AST can then be converted to HTML via html::formatdocumentwithplugins. However, the HTML formatting code assumes that the AST is well-formed. For example, many AST notes...

9.8CVSS8.9AI score0.01268EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2023/03/28 2:44 p.m.14 views

GHSA-XXMQ-4VPH-956W Comrak vulnerable to production of excessive output when parsing Markdown (GHSL-2023-048)

Impact comrak is vulnerable to the upstream cmark issue, "Issue revealed by fuzzer". A large number of references in a markdown document can trigger an overly large response. Patches 0.17.0 contains https://github.com/kivikakk/comrak/commit/70f97f3ea4eae30ffbd1b94c764a3de2f1c41d2a, which limits...

5.3CVSS7AI score
Exploits0References5
vulnersOsv
vulnersOsv
added 2023/03/28 2:44 p.m.5 views

about-filter (>=0.1.0 <=0.1.1), askama (=0.12.0) +56 more potentially affected by unknown CVE via comrak (>=0.10.1 <=0.16.0)

comrak CARGO version =0.10.1, =0.1.0, =0.12.1, =1.0.0, =1.0.0, =0.1.0, =0.2.0, =0.2.1, =0.1.1, =0.1.0, =0.1.0, =0.5.5 and more Source cves: unknown CVE Source advisory: OSV:GHSA-XXMQ-4VPH-956W...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2023/03/28 2:44 p.m.18 views

Comrak vulnerable to production of excessive output when parsing Markdown (GHSL-2023-048)

Impact comrak is vulnerable to the upstream cmark issue, "Issue revealed by fuzzer". A large number of references in a markdown document can trigger an overly large response. Patches 0.17.0 contains https://github.com/kivikakk/comrak/commit/70f97f3ea4eae30ffbd1b94c764a3de2f1c41d2a, which limits...

6.6AI score
Exploits0References5Affected Software1
OSV
OSV
added 2023/03/28 2:40 p.m.10 views

GHSA-8HQF-XJWP-P67V Comrak vulnerable to quadratic runtime issues when parsing Markdown (GHSL-2023-047)

Impact A range of quadratic parsing issues from cmark/cmark-gfm are also present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. Patches 0.17.0 contains fixes to known quadratic parsing issues. Workarounds n/a References...

5.3CVSS7AI score0.0112EPSS
Exploits0References18
vulnersOsv
vulnersOsv
added 2023/03/28 2:40 p.m.7 views

about-filter (>=0.1.0 <=0.1.1), askama (=0.12.0) +56 more potentially affected by CVE-2023-28626 via comrak (>=0.10.1 <=0.16.0)

comrak CARGO version =0.10.1, =0.1.0, =0.12.1, =1.0.0, =1.0.0, =0.1.0, =0.2.0, =0.2.1, =0.1.1, =0.1.0, =0.1.0, =0.5.5 and more Source cves: CVE-2023-28626 Source advisory: OSV:GHSA-8HQF-XJWP-P67V...

7.5CVSS7.1AI score0.0112EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2023/03/28 2:40 p.m.22 views

Comrak vulnerable to quadratic runtime issues when parsing Markdown (GHSL-2023-047)

Impact A range of quadratic parsing issues from cmark/cmark-gfm are also present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. Patches 0.17.0 contains fixes to known quadratic parsing issues. Workarounds n/a References...

7.5CVSS8.5AI score0.0112EPSS
Exploits0References18Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/28 12:0 a.m.1 views

PT-2023-21857 · Comrak · Comrak

Name of the Vulnerable Software and Affected Versions: comrak versions prior to 0.17.0 Description: The issue concerns quadratic parsing problems in comrak, a CommonMark + GFM compatible Markdown parser and renderer written in rust. These problems can be exploited to craft denial-of-service attac...

7.5CVSS7.2AI score0.0112EPSS
Exploits0References21
Positive Technologies
Positive Technologies
added 2023/03/28 12:0 a.m.2 views

PT-2023-33076 · Comrak +1 · Comrak +1

Name of the Vulnerable Software and Affected Versions: comrak versions prior to 0.17.0 Description: The issue is related to an overly large response triggered by a large number of references in a markdown document. This is due to an upstream cmark issue. Recommendations: For versions prior to...

5.3CVSS7AI score
Exploits0References6
CNNVD
CNNVD
added 2023/03/28 12:0 a.m.5 views

Comrak 资源管理错误漏洞

Comrak is a CommonMark+GFM-compatible Markdown parser and renderer from the individual developer Asherah Connor. A resource management error vulnerability exists in versions of comrak prior to 0.17.0, which stems from a denial of service attack when parsing Markdown with Comrak...

7.5CVSS7.2AI score0.0112EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/03/28 12:0 a.m.5 views

comrak 安全漏洞

Comrak is a CommonMark+GFM compatible Markdown parser and renderer by Asherah Connor, a personal developer. A security vulnerability exists in versions of comrak prior to 0.17.0 that stems from not validating attacker-controlled data in AST nodes...

9.8CVSS8.2AI score0.01268EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/03/28 12:0 a.m.5 views

PT-2023-21863 · Comrak · Comrak

Name of the Vulnerable Software and Affected Versions: comrak versions prior to 0.17.0 Description: The issue arises when a Comrak AST is constructed manually and then converted to HTML, as the HTML formatting code assumes the AST is well-formed. This assumption can be violated if the AST contain...

9.8CVSS9.1AI score0.01268EPSS
Exploits0References11
Rows per page
Query Builder