0.001 Low
EPSS
Percentile
33.8%
An issue was discovered in the comrak crate before 0.9.1 for Rust. Cross site scripting (XSS) can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an attack.
github.com/kivikakk/comrak
github.com/kivikakk/comrak/commit/b3efbb6e427bcd33bb14db45753ad4fd98e0f5bf
github.com/kivikakk/comrak/releases/tag/0.9.1
nvd.nist.gov/vuln/detail/CVE-2021-27671
rustsec.org/advisories/RUSTSEC-2021-0026.html