Lucene search
K
Comrak ProjectComrak

4 matches found

CVE
CVE
added 2021/08/08 5:10 a.m.116 views

CVE-2021-38186

The CVE-2021-38186 entry concerns the comrak crate for Rust, affected in versions before 0.10.1. The issue stems from improper handling of the & character, which can cause cross-site scripting (XSS) via HTML entities like &#. The vulnerability is described across multiple sources (e.g., Red Hat, ...

6.1CVSS5.8AI score0.00741EPSS
CVE
CVE
added 2021/02/25 12:33 a.m.93 views

CVE-2021-27671

The CVE-2021-27671 issue affects the comrak crate for Rust (pre-0.9.1). The root cause is a case-sensitive protection check for data: and javascript: URLs, allowing data: URLs to bypass the guard and enable cross-site scripting (XSS). This is described consistently across sources (NVD entry and R...

6.1CVSS5.9AI score0.00686EPSS
CVE
CVE
added 2023/03/28 8:17 p.m.58 views

CVE-2023-28631

CVE-2023-28631 affects the comrak Markdown parser/renderer (Rust). The issue arises when an AST is constructed manually and later formatted to HTML; the formatter assumes data is valid UTF-8, but some [u8] fields may not be, triggering bugs. Affected version is 0.17.0; remediation per sources is ...

9.8CVSS7.2AI score0.01268EPSS
CVE
CVE
added 2023/03/28 8:14 p.m.57 views

CVE-2023-28626

CVE-2023-28626 affects the comrak crate (Rust) used for CommonMark/GFM parsing. Connected documents confirm the vulnerability is a set of quadratic parsing issues that can cause denial-of-service in services parsing Markdown, with remediation by upgrading to a newer comrak release (addressed in 0...

7.5CVSS6.1AI score0.0112EPSS