Vulmon
comrak vulnerabilities and exploits
NA
CVE-2023-28626
comrak is a CommonMark + GFM compatible Markdown parser and renderer written in Rust. A range of quadratic parsing issues are present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. This issue has been addressed in ve...
Comrak Project Comrak
NA
CVE-2023-28631
comrak is a CommonMark + GFM compatible Markdown parser and renderer written in Rust. A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with `parse_document`. This AST can then be converted to HTML via `html::format_document_with_plugins...
Comrak Project Comrak
4.3
CVSSv2
CVE-2021-27671
An issue exists in the comrak crate prior to 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an attack.
Comrak Project Comrak
4.3
CVSSv2
CVE-2021-38186
An issue exists in the comrak crate prior to 0.10.1 for Rust. It mishandles & characters, leading to XSS via &# HTML entities.
Comrak Project Comrak