advisory-db/crates/comrak/RUSTSEC-2021-0063.md
Alexander Kjäll f4a8973706 add cve info to advisories (#1099)
* add cve info to advisories

* Put `aliases` field in the proper place

It should not be under `[versions]`

* move `aliases` to the proper place

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2021-11-06 21:37:35 +01:00


[advisory]
id = "RUSTSEC-2021-0063"
package = "comrak"
date = "2021-05-04"
url = "https://github.com/kivikakk/comrak/releases/tag/0.10.1"
categories = ["format-injection"]
keywords = ["xss"]
aliases = ["CVE-2021-38186"]

[versions]
patched = [">= 0.10.1"]

XSS in comrak

comrak operates by default in a "safe" mode of operation where unsafe content, such as arbitrary raw HTML or URLs with non-standard schemes, is not permitted in the output. This follows the reference GFM implementation, cmark-gfm.

Ampersands were not being correctly escaped in link targets, making it possible to fashion unsafe URLs using schemes like data: or javascript: by entering them as HTML entities, e.g. &#x64&#x61&#x74&#x61&#x3a. The intended behaviour, demonstrated upstream, is that these should be escaped and therefore harmless, but this behaviour was broken in comrak.
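The following is an added illustration, not comrak's own code, of why an unescaped ampersand in a link target defeats the scheme check: the raw target passes the check, but the browser's entity decoding turns it into the scheme the check was meant to reject, whereas escaping `&` on output leaves the browser with the literal entity text. The function names `escape_href`, `decode_numeric_entities` and `is_unsafe_link` are assumed, not comrak's API.

```rust
// Added illustration, not comrak's code; escape_href, decode_numeric_entities
// and is_unsafe_link are assumed names, not comrak's API.
/// Stand-in for a "safe mode" scheme check applied to the raw link target.
fn is_unsafe_link(url: &str) -> bool {
    let lower = url.trim().to_ascii_lowercase();
    ["javascript:", "data:", "vbscript:"].iter().any(|s| lower.starts_with(s))
}
/// Escape a link target for href="..."; the '&' case is the one the
/// advisory describes as missing before 0.10.1.
fn escape_href(raw: &str) -> String {
    let mut out = String::with_capacity(raw.len());
    for c in raw.chars() {
        match c {
            '&' => out.push_str("&amp;"),
            '<' => out.push_str("&lt;"),
            '>' => out.push_str("&gt;"),
            '"' => out.push_str("&quot;"),
            _ => out.push(c),
        }
    }
    out
}
/// Simulates a browser decoding numeric character references in an attribute;
/// a missing ';' is tolerated, which is what the advisory's payload relies on.
fn decode_numeric_entities(attr: &str) -> String {
    let mut out = String::new();
    let mut rest = attr;
    while let Some(i) = rest.find('&') {
        out.push_str(&rest[..i]);
        rest = &rest[i + 1..];
        if let Some(r) = rest.strip_prefix("amp;") { out.push('&'); rest = r; continue; }
        let (radix, body) = match rest.strip_prefix("#x").or_else(|| rest.strip_prefix("#X")) {
            Some(b) => (16, b),
            None => match rest.strip_prefix('#') { Some(b) => (10, b), None => { out.push('&'); continue; } },
        };
        let n = body.chars().take_while(|c| c.is_digit(radix)).count();
        match u32::from_str_radix(&body[..n], radix).ok().and_then(char::from_u32) {
            Some(ch) => { out.push(ch); rest = body[n..].strip_prefix(';').unwrap_or(&body[n..]); }
            None => out.push('&'), // not a valid reference: keep the literal '&'
        }
    }
    out.push_str(rest);
    out
}
fn main() {
    let payload = "&#x64&#x61&#x74&#x61&#x3a"; // the advisory's example
    println!("check on raw target: unsafe={}", is_unsafe_link(payload)); // false
    println!("browser sees (unescaped): {}", decode_numeric_entities(payload)); // data:
    println!("browser sees (escaped):   {}", decode_numeric_entities(&escape_href(payload)));
}
```

The decoder is deliberately minimal (numeric references and `&amp;` only); the point is that the scheme check must run on what the browser will see, or the output must be escaped so that the browser sees exactly what was checked.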