EPSS: 0.001 (Low), percentile 33.8%
comrak was matching unsafe URL prefixes, such as data: or javascript:, in a case-sensitive manner. This meant prefixes like Data: were untouched.
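The difference between the case-sensitive match described above and a case-insensitive one, as an added example that is not comrak's own code. The function names, the two-entry prefix list (taken from the advisory text) and the "replace with an empty string" policy are assumptions for illustration.

```rust
// Prefixes named in the advisory text; a real sanitizer may need more.
const UNSAFE_PREFIXES: [&str; 2] = ["data:", "javascript:"];

/// The flawed check as the advisory describes it: exact-case comparison.
fn is_unsafe_case_sensitive(url: &str) -> bool {
    UNSAFE_PREFIXES.iter().any(|p| url.starts_with(p))
}

/// Hardened check: compare the leading bytes ignoring ASCII case.
/// Working on bytes avoids the panic that slicing a &str inside a
/// multi-byte character would cause.
fn is_unsafe_case_insensitive(url: &str) -> bool {
    let bytes = url.as_bytes();
    UNSAFE_PREFIXES.iter().any(|p| {
        bytes
            .get(..p.len())
            .map_or(false, |head| head.eq_ignore_ascii_case(p.as_bytes()))
    })
}

/// Hypothetical policy: drop an unsafe link target, keep everything else.
fn sanitize_href(url: &str) -> &str {
    if is_unsafe_case_insensitive(url) { "" } else { url }
}

fn main() {
    // Constructed sample inputs.
    let samples = [
        "https://example.com/",
        "data:text/html,x",
        "Data:text/html,x",
        "JavaScript:void(0)",
        "dat€:x",
    ];
    for url in samples {
        println!(
            "{:<22} case-sensitive={:<5} case-insensitive={:<5} href={:?}",
            url,
            is_unsafe_case_sensitive(url),
            is_unsafe_case_insensitive(url),
            sanitize_href(url)
        );
    }
}
```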
crates.io/crates/comrak
github.com/kivikakk/comrak/releases/tag/0.9.1
rustsec.org/advisories/RUSTSEC-2021-0026.html