Design/Logic Flaw

2021-02-2501:15:00

PRIOn knowledge base

www.prio-n.com

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.8%

JSON

An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an attack.

CPENameOperatorVersion
comraklt0.9.1

CPE	Name	Operator	Version
	comrak	lt	0.9.1

References

rustsec.org/advisories/RUSTSEC-2021-0026.html