60 matches found
CVE-2023-28631 Attacker controlled data in AST nodes is not validated in comrak
comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with parsedocument. This AST can then be converted to HTML via html::formatdocumentwithplugins. However, the HTML...
CVE-2023-28631
CVE-2023-28631 affects the comrak Markdown parser/renderer (Rust). The issue arises when an AST is constructed manually and later formatted to HTML; the formatter assumes data is valid UTF-8, but some [u8] fields may not be, triggering bugs. Affected version is 0.17.0; remediation per sources is ...
CVE-2023-28626 Quadratic runtime when parsing Markdown in comrak
comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A range of quadratic parsing issues are present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. This issue has been addressed in version 0.17.0. Use...
CVE-2023-28626 Quadratic runtime when parsing Markdown in comrak
comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A range of quadratic parsing issues are present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. This issue has been addressed in version 0.17.0. Use...
CVE-2023-28626 Quadratic runtime when parsing Markdown in comrak
comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A range of quadratic parsing issues are present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. This issue has been addressed in version 0.17.0. Use...
CVE-2023-28626
CVE-2023-28626 affects the comrak crate (Rust) used for CommonMark/GFM parsing. Connected documents confirm the vulnerability is a set of quadratic parsing issues that can cause denial-of-service in services parsing Markdown, with remediation by upgrading to a newer comrak release (addressed in 0...
about-filter (>=0.1.0 <=0.1.1), askama (=0.12.0) +56 more potentially affected by CVE-2023-28631 via comrak (>=0.10.1 <=0.16.0)
comrak CARGO version =0.10.1, =0.1.0, =0.12.1, =1.0.0, =1.0.0, =0.1.0, =0.2.0, =0.2.1, =0.1.1, =0.1.0, =0.1.0, =0.5.5 and more Source cves: CVE-2023-28631 Source advisory: OSV:GHSA-5R3X-P7XX-X6Q5...
GHSA-5R3X-P7XX-X6Q5 Comrak AST node data is not validated (GHSL-2023-049)
Impact A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with parsedocument. This AST can then be converted to HTML via html::formatdocumentwithplugins. However, the HTML formatting code assumes that the AST is well-formed. For example, many AST notes...
Comrak AST node data is not validated (GHSL-2023-049)
Impact A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with parsedocument. This AST can then be converted to HTML via html::formatdocumentwithplugins. However, the HTML formatting code assumes that the AST is well-formed. For example, many AST notes...
GHSA-XXMQ-4VPH-956W Comrak vulnerable to production of excessive output when parsing Markdown (GHSL-2023-048)
Impact comrak is vulnerable to the upstream cmark issue, "Issue revealed by fuzzer". A large number of references in a markdown document can trigger an overly large response. Patches 0.17.0 contains https://github.com/kivikakk/comrak/commit/70f97f3ea4eae30ffbd1b94c764a3de2f1c41d2a, which limits...
about-filter (>=0.1.0 <=0.1.1), askama (=0.12.0) +56 more potentially affected by unknown CVE via comrak (>=0.10.1 <=0.16.0)
comrak CARGO version =0.10.1, =0.1.0, =0.12.1, =1.0.0, =1.0.0, =0.1.0, =0.2.0, =0.2.1, =0.1.1, =0.1.0, =0.1.0, =0.5.5 and more Source cves: unknown CVE Source advisory: OSV:GHSA-XXMQ-4VPH-956W...
Comrak vulnerable to production of excessive output when parsing Markdown (GHSL-2023-048)
Impact comrak is vulnerable to the upstream cmark issue, "Issue revealed by fuzzer". A large number of references in a markdown document can trigger an overly large response. Patches 0.17.0 contains https://github.com/kivikakk/comrak/commit/70f97f3ea4eae30ffbd1b94c764a3de2f1c41d2a, which limits...
GHSA-8HQF-XJWP-P67V Comrak vulnerable to quadratic runtime issues when parsing Markdown (GHSL-2023-047)
Impact A range of quadratic parsing issues from cmark/cmark-gfm are also present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. Patches 0.17.0 contains fixes to known quadratic parsing issues. Workarounds n/a References...
about-filter (>=0.1.0 <=0.1.1), askama (=0.12.0) +56 more potentially affected by CVE-2023-28626 via comrak (>=0.10.1 <=0.16.0)
comrak CARGO version =0.10.1, =0.1.0, =0.12.1, =1.0.0, =1.0.0, =0.1.0, =0.2.0, =0.2.1, =0.1.1, =0.1.0, =0.1.0, =0.5.5 and more Source cves: CVE-2023-28626 Source advisory: OSV:GHSA-8HQF-XJWP-P67V...
Comrak vulnerable to quadratic runtime issues when parsing Markdown (GHSL-2023-047)
Impact A range of quadratic parsing issues from cmark/cmark-gfm are also present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. Patches 0.17.0 contains fixes to known quadratic parsing issues. Workarounds n/a References...
PT-2023-21857 · Comrak · Comrak
Name of the Vulnerable Software and Affected Versions: comrak versions prior to 0.17.0 Description: The issue concerns quadratic parsing problems in comrak, a CommonMark + GFM compatible Markdown parser and renderer written in rust. These problems can be exploited to craft denial-of-service attac...
PT-2023-33076 · Comrak +1 · Comrak +1
Name of the Vulnerable Software and Affected Versions: comrak versions prior to 0.17.0 Description: The issue is related to an overly large response triggered by a large number of references in a markdown document. This is due to an upstream cmark issue. Recommendations: For versions prior to...
Comrak 资源管理错误漏洞
Comrak is a CommonMark+GFM-compatible Markdown parser and renderer from the individual developer Asherah Connor. A resource management error vulnerability exists in versions of comrak prior to 0.17.0, which stems from a denial of service attack when parsing Markdown with Comrak...
comrak 安全漏洞
Comrak is a CommonMark+GFM compatible Markdown parser and renderer by Asherah Connor, a personal developer. A security vulnerability exists in versions of comrak prior to 0.17.0 that stems from not validating attacker-controlled data in AST nodes...
PT-2023-21863 · Comrak · Comrak
Name of the Vulnerable Software and Affected Versions: comrak versions prior to 0.17.0 Description: The issue arises when a Comrak AST is constructed manually and then converted to HTML, as the HTML formatting code assumes the AST is well-formed. This assumption can be violated if the AST contain...