crates.io package
comrak
pkg:cargo/comrak
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-28631 | — | < 0.17.0 | 0.17.0 | Mar 28, 2023 | comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with `parse_document`. This AST can then be converted to HTML via `html::format_document_with_plugins | ||
| CVE-2023-28626 | — | < 0.17.0 | 0.17.0 | Mar 28, 2023 | comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A range of quadratic parsing issues are present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. This issue has been addressed in ve | ||
| CVE-2021-38186 | — | < 0.10.1 | 0.10.1 | Aug 8, 2021 | An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via &# HTML entities. | ||
| CVE-2021-27671 | — | < 0.9.1 | 0.9.1 | Feb 25, 2021 | An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an attack. |
- CVE-2023-28631Mar 28, 2023affected < 0.17.0fixed 0.17.0
comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with `parse_document`. This AST can then be converted to HTML via `html::format_document_with_plugins
- CVE-2023-28626Mar 28, 2023affected < 0.17.0fixed 0.17.0
comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A range of quadratic parsing issues are present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. This issue has been addressed in ve
- CVE-2021-38186Aug 8, 2021affected < 0.10.1fixed 0.10.1
An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via &# HTML entities.
- CVE-2021-27671Feb 25, 2021affected < 0.9.1fixed 0.9.1
An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an attack.