Lucene search
K

60 matches found

Github Security Blog
Github Security Blog
added 2021/08/25 8:55 p.m.35 views

Cross-site Scripting in comrak

An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via & HTML entities...

6.1CVSS5.8AI score0.00741EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2021/08/25 8:55 p.m.17 views

GHSA-6WJ2-G87R-PM62 Cross-site Scripting in comrak

An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via & HTML entities...

6.1CVSS5.8AI score0.00741EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2021/08/25 8:52 p.m.24 views

Cross site scripting in comrak

An issue was discovered in the comrak crate before 0.9.1 for Rust. Cross site scripting XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing for example Data: to be used in an attack...

6.1CVSS5.8AI score0.00686EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2021/08/25 8:52 p.m.11 views

GHSA-XMR7-V725-2JJR Cross site scripting in comrak

An issue was discovered in the comrak crate before 0.9.1 for Rust. Cross site scripting XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing for example Data: to be used in an attack...

6.1CVSS6AI score0.00686EPSS
Exploits0References5
CNVD
CNVD
added 2021/08/10 12:0 a.m.15 views

Mozilla Rust Cross-Site Scripting Vulnerability (CNVD-2021-61406)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A cross-site scripting vulnerability exists in comrak crate in versions of Mozilla Rust prior to 0.10.1, which could be exploited by an attacker to execute the script in a Web browser in the secure context of a...

6.1CVSS3.6AI score0.00741EPSS
Exploits1References1
NVD
NVD
added 2021/08/08 6:15 a.m.27 views

CVE-2021-38186

An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via & HTML entities...

6.1CVSS0.00741EPSS
Exploits1References2
OSV
OSV
added 2021/08/08 6:15 a.m.15 views

CVE-2021-38186

An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via & HTML entities...

6.1CVSS5.6AI score
Exploits0References2
Prion
Prion
added 2021/08/08 6:15 a.m.20 views

Design/Logic Flaw

An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via & HTML entities...

4.3CVSS5.8AI score0.00741EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/08/08 5:10 a.m.30 views

CVE-2021-38186

An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via & HTML entities...

6AI score0.00741EPSS
Exploits1References2
CVE
CVE
added 2021/08/08 5:10 a.m.116 views

CVE-2021-38186

The CVE-2021-38186 entry concerns the comrak crate for Rust, affected in versions before 0.10.1. The issue stems from improper handling of the & character, which can cause cross-site scripting (XSS) via HTML entities like &#. The vulnerability is described across multiple sources (e.g., Red Hat, ...

6.1CVSS5.8AI score0.00741EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2021/08/08 12:0 a.m.8 views

Rust 跨站脚本漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A cross-site scripting vulnerability exists in comrak crate in versions of Mozilla Rust prior to 0.10.1, which could be exploited by an attacker to execute the script in a Web browser in the secure context of a...

6.1CVSS5.3AI score0.00741EPSS
Exploits1References2
OSV
OSV
added 2021/05/04 12:0 p.m.27 views

RUSTSEC-2021-0063 XSS in `comrak`

comrak operates by default in a "safe" mode of operation where unsafe content, such as arbitrary raw HTML or URLs with non-standard schemes, are not permitted in the output. This is per the reference GFM implementation, cmark-gfm. Ampersands were not being correctly escaped in link targets, makin...

6.1CVSS6.2AI score0.00741EPSS
Exploits1References3
RustSec
RustSec
added 2021/05/04 12:0 p.m.17 views

XSS in `comrak`

comrak operates by default in a "safe" mode of operation where unsafe content, such as arbitrary raw HTML or URLs with non-standard schemes, are not permitted in the output. This is per the reference GFM implementation, cmark-gfm. Ampersands were not being correctly escaped in link targets, makin...

6.1CVSS1AI score0.00741EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2021/03/09 12:0 a.m.5 views

Mozilla Rust Cross-Site Scripting Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A cross-site scripting vulnerability exists in Rust in versions prior to comrak crate 0.9.1, which stems from the fact that the protection mechanism for data: and javascript: URIs is case-sensitive. No details o...

6.1CVSS5.9AI score0.00686EPSS
Exploits0References1
NVD
NVD
added 2021/02/25 1:15 a.m.20 views

CVE-2021-27671

An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing for example Data: to be used in an attack...

6.1CVSS0.00686EPSS
Exploits0References1
Prion
Prion
added 2021/02/25 1:15 a.m.9 views

Design/Logic Flaw

An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing for example Data: to be used in an attack...

4.3CVSS5.9AI score0.00686EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/02/25 12:33 a.m.20 views

CVE-2021-27671

An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing for example Data: to be used in an attack...

6.1AI score0.00686EPSS
Exploits0References1
CVE
CVE
added 2021/02/25 12:33 a.m.93 views

CVE-2021-27671

The CVE-2021-27671 issue affects the comrak crate for Rust (pre-0.9.1). The root cause is a case-sensitive protection check for data: and javascript: URLs, allowing data: URLs to bypass the guard and enable cross-site scripting (XSS). This is described consistently across sources (NVD entry and R...

6.1CVSS5.9AI score0.00686EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/02/24 12:0 a.m.7 views

Mozilla Rust 跨站脚本漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A cross-site scripting vulnerability exists in Rust in versions prior to comrak crate 0.9.1, which stems from the fact that the protection mechanism for data: and javascript: URIs is case-sensitive. No details o...

6.1CVSS6.2AI score0.00686EPSS
Exploits0References2
OSV
OSV
added 2021/02/21 12:0 p.m.27 views

RUSTSEC-2021-0026 XSS in `comrak`

The comrak we were matching unsafe URL prefixes, such as data: or javascript: , in a case-sensitive manner. This meant prefixes like Data: were untouched...

6.1CVSS6.1AI score0.00686EPSS
Exploits0References3
Rows per page
Query Builder