Vulmon
comrak vulnerabilities and exploits
7.5
CVSSv3
CVE-2023-28626
comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A range of quadratic parsing issues are present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. This issue has been addressed in ve...
Comrak Project Comrak
9.8
CVSSv3
CVE-2023-28631
comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with `parse_document`. This AST can then be converted to HTML via `html::format_document_with_plugins...
Comrak Project Comrak
6.1
CVSSv3
CVE-2021-27671
An issue exists in the comrak crate prior to 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an attack.
Comrak Project Comrak
6.1
CVSSv3
CVE-2021-38186
An issue exists in the comrak crate prior to 0.10.1 for Rust. It mishandles & characters, leading to XSS via &# HTML entities.
Comrak Project Comrak