An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an attack.
References
Link | Resource |
---|---|
https://rustsec.org/advisories/RUSTSEC-2021-0026.html | Third Party Advisory |
Configurations
History
02 Mar 2021, 13:35
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:comrak_project:comrak:*:*:*:*:*:rust:*:* | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
CWE | CWE-79 | |
References | (MISC) https://rustsec.org/advisories/RUSTSEC-2021-0026.html - Third Party Advisory |
25 Feb 2021, 05:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-02-25 01:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-27671
Mitre link : CVE-2021-27671
CVE.ORG link : CVE-2021-27671
JSON object : View
Products Affected
comrak_project
- comrak
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')