Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
comrak project comrak vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-28626
comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A range of quadratic parsing issues are present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. This issue has been addressed in ve...
Comrak Project Comrak
NA
CVE-2023-28631
comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with `parse_document`. This AST can then be converted to HTML via `html::format_document_with_plugins...
Comrak Project Comrak
4.3
CVSSv2
CVE-2021-38186
An issue exists in the comrak crate prior to 0.10.1 for Rust. It mishandles & characters, leading to XSS via &# HTML entities.
Comrak Project Comrak
4.3
CVSSv2
CVE-2021-27671
An issue exists in the comrak crate prior to 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an attack.
Comrak Project Comrak
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644
unprivileged
CVE-2024-3494
CVE-2024-22460
CVE-2024-26026
CVE-2024-23473
firewall
CVE-2024-28889
XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started