comrak
crates.io
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting comrak
- CVE-2021-27671 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 0.9.1 | 2021-02-25
An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an attack.
- CVE-2021-38186 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 0.10.1 | 2021-08-08
An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via &# HTML entities.
- CVE-2023-28626 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 0.17.0 | 2023-03-28
comrak is a CommonMark + GFM compatible Markdown parser and renderer written in Rust. A range of quadratic parsing issues are present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Mark…
- CVE-2023-28631 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 0.17.0 | 2023-03-28
comrak is a CommonMark + GFM compatible Markdown parser and renderer written in Rust. A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with `parse_document`. This AST can then be converted to HTM…