RUSTSEC-2021-0026

XSS in comrak

Issued
Package
comrak (crates.io)
Type
Vulnerability
Categories
  • format-injection
Aliases
Details
https://github.com/kivikakk/comrak/releases/tag/0.9.1
Patched
  • >=0.9.1
Keywords
  • xss

Description

comrak was matching unsafe URL prefixes, such as `data:` or `javascript:`, in a case-sensitive manner. This meant prefixes like `Data:` were untouched.
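The following is an added illustration of the bug class described above, not comrak's own code: a byte-for-byte prefix check beside an ASCII-case-insensitive one, plus an href sanitizer built on the fixed check. The prefix list and sample URLs are constructed for the example; only `data:` and `javascript:` come from the advisory.

```rust
// Added example (not comrak's code). Only `data:` and `javascript:` are taken
// from the advisory; the rest of the list and the sample URLs are constructed.
const UNSAFE_PREFIXES: &[&str] = &["javascript:", "data:"];

/// Vulnerable form: a byte-for-byte prefix comparison. Inputs such as
/// `Data:` or `JavaScript:` do not match and pass through untouched.
pub fn is_unsafe_url_case_sensitive(url: &str) -> bool {
    UNSAFE_PREFIXES.iter().any(|p| url.starts_with(p))
}

/// Fixed form: compare the scheme ignoring ASCII case. URL schemes are
/// case-insensitive to browsers, so the filter must treat them that way too.
/// `str::get` returns None on a non-char-boundary, so multibyte input cannot panic.
pub fn is_unsafe_url(url: &str) -> bool {
    UNSAFE_PREFIXES.iter().any(|p| {
        url.get(..p.len())
            .map_or(false, |head| head.eq_ignore_ascii_case(p))
    })
}

/// Sanitizer built on the fixed check: an unsafe href is replaced with an
/// empty string so the link renders inert; safe hrefs are passed through.
pub fn sanitize_href(url: &str) -> String {
    if is_unsafe_url(url) {
        String::new()
    } else {
        url.to_string()
    }
}

fn main() {
    // Constructed sample inputs: lower-case, mixed-case and a benign URL.
    for url in ["data:text/plain,hi", "Data:text/plain,hi", "https://example.com/"] {
        println!(
            "{:<24} case-sensitive={:<5} case-insensitive={:<5} href={:?}",
            url,
            is_unsafe_url_case_sensitive(url),
            is_unsafe_url(url),
            sanitize_href(url)
        );
    }
}
```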

More