RSS   Vulnerabilities for 'Comrak'   RSS

2021-08-08
 
CVE-2021-38186

CWE-79
 

 
An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via &# HTML entities.

 
2021-02-25
 
CVE-2021-27671

CWE-79
 

 
An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an attack.

 


Copyright 2024, cxsecurity.com

 

Back to Top