GHSA-xmr7-v725-2jjr

Опубликовано: 25 авг. 2021

Источник: github

Github: Прошло ревью

CVSS3: 6.1

Описание

Cross site scripting in comrak

An issue was discovered in the comrak crate before 0.9.1 for Rust. Cross site scripting (XSS) can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an attack.

Ссылки

Пакеты

Наименование

comrak

rust

Затронутые версииВерсия исправления

< 0.9.1

0.9.1

EPSS

Процентиль: 44%

0.00216

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2021-27671

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-27671

CVSS3: 6.1

nvd

почти 5 лет назад

An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an attack.

EPSS

Процентиль: 44%

0.00216

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2021-27671

Дефекты

CWE-79