Comrak@* Security Vulnerabilities and Issues — Comrak@* CVE List

Lucene search

Comrak ProjectComrak*

4 matches found

CVE•added 2021/08/08 6:15 a.m.•98 views

CVE-2021-38186

An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via &# HTML entities.

6.1CVSS5.8AI score0.00201EPSS

CVE•added 2021/02/25 1:15 a.m.•82 views

CVE-2021-27671

An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an attack.

6.1CVSS5.9AI score0.00216EPSS

CVE•added 2023/03/28 9:15 p.m.•45 views

CVE-2023-28631

comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with parse_document. This AST can then be converted to HTML via html::format_document_with_plugins. However, the HTML fo...

9.8CVSS7.2AI score0.00248EPSS

CVE•added 2023/03/28 9:15 p.m.•41 views

CVE-2023-28626

comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A range of quadratic parsing issues are present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. This issue has been addressed in version 0.17.0. Users...

7.5CVSS6.1AI score0.00254EPSS