Описание
Comrak vulnerable to production of excessive output when parsing Markdown (GHSL-2023-048)
Impact
comrak is vulnerable to the upstream cmark issue, "Issue revealed by fuzzer". A large number of references in a markdown document can trigger an overly large response.
Patches
0.17.0 contains https://github.com/kivikakk/comrak/commit/70f97f3ea4eae30ffbd1b94c764a3de2f1c41d2a, which limits reference output to a 100Kb maximum.
Workarounds
n/a
References
Пакеты
Наименование
comrak
rust
Затронутые версииВерсия исправления
< 0.17.0
0.17.0
5.3 Medium
CVSS3
5.3 Medium
CVSS3