CVE-2021-27671 – comrak
Package
Manager: cargo
Name: comrak
Vulnerable Version: >=0 <0.9.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00216 (percentile 0.44192)
Details
Cross site scripting in comrak
An issue was discovered in the comrak crate before 0.9.1 for Rust. Cross site scripting (XSS) can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an attack.
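The flaw class described above, as an added example that is not comrak's own code: a case-sensitive scheme blocklist beside a case-insensitive one. The function names, the blocklist constant and the sample URLs are hypothetical and constructed for illustration.

```rust
// Added illustration; names are hypothetical and this is not comrak's API.
const BLOCKED_SCHEMES: [&str; 2] = ["javascript:", "data:"];

/// Case-sensitive prefix match: the kind of check the advisory describes.
/// Only the exact lowercase spelling of each scheme is caught.
fn is_blocked_case_sensitive(url: &str) -> bool {
    BLOCKED_SCHEMES.iter().any(|s| url.starts_with(s))
}

/// Case-insensitive prefix match. URI schemes are case-insensitive
/// (RFC 3986, section 3.1), so the comparison must ignore ASCII case.
fn is_blocked_case_insensitive(url: &str) -> bool {
    let bytes = url.as_bytes();
    BLOCKED_SCHEMES.iter().any(|s| {
        bytes.len() >= s.len() && bytes[..s.len()].eq_ignore_ascii_case(s.as_bytes())
    })
}

/// URLs that pass the case-sensitive check but are caught by the
/// case-insensitive one. Useful as a regression test over a link corpus.
fn missed_by_case_sensitive<'a>(urls: &[&'a str]) -> Vec<&'a str> {
    urls.iter()
        .copied()
        .filter(|u| !is_blocked_case_sensitive(u) && is_blocked_case_insensitive(u))
        .collect()
}

fn main() {
    // Constructed sample link targets.
    let samples = [
        "https://example.com/",
        "javascript:void(0)",
        "Data:text/html,x",
        "JavaScript:void(0)",
        "/relative/path",
    ];
    for u in missed_by_case_sensitive(&samples) {
        println!("passes the case-sensitive check: {}", u);
    }
}
```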
Metadata
Created: 2021-08-25T20:52:12Z
Modified: 2023-03-22T20:54:46Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-xmr7-v725-2jjr/GHSA-xmr7-v725-2jjr.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-xmr7-v725-2jjr
Finding: F008
Auto approve: 1