RUSTSEC-2021-0026: XSS in `comrak`
| Details | |
|---|---|
| Package | comrak |
| Version | 0.7.0 |
| URL | https://github.com/kivikakk/comrak/releases/tag/0.9.1 |
| Date | 2021-02-21 |
| Patched versions | >=0.9.1 |
comrak matched unsafe URL prefixes, such as `data:` or `javascript:`, in a case-sensitive manner. This meant prefixes like `Data:` were left untouched.
See advisory page for additional details.
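The case-sensitivity flaw described above, shown as an added std-only example that is not comrak's source: the function names and the two-entry scheme list are assumptions taken from the prefixes the advisory names, and the sample URLs are constructed.

```rust
// Added illustration; not comrak's code. All names here are hypothetical.
const UNSAFE_SCHEMES: [&str; 2] = ["javascript:", "data:"];

/// Flawed check: byte-for-byte prefix comparison, so `Data:` is not matched.
fn is_unsafe_case_sensitive(url: &str) -> bool {
    UNSAFE_SCHEMES.iter().any(|s| url.starts_with(s))
}

/// Corrected check: compare the leading bytes ignoring ASCII case.
/// `get(..n)` returns None when the URL is shorter than the scheme or the
/// cut would split a multi-byte character; neither case can match.
fn is_unsafe_case_insensitive(url: &str) -> bool {
    UNSAFE_SCHEMES.iter().any(|s| {
        url.get(..s.len())
            .map_or(false, |prefix| prefix.eq_ignore_ascii_case(s))
    })
}

/// Regression helper: URLs the flawed check lets through but the corrected
/// check rejects. Useful as a fixture when testing a sanitizer.
fn missed_by_flawed_check<'a>(urls: &[&'a str]) -> Vec<&'a str> {
    urls.iter()
        .copied()
        .filter(|u| !is_unsafe_case_sensitive(u) && is_unsafe_case_insensitive(u))
        .collect()
}

fn main() {
    // Constructed sample link targets.
    let samples = ["javascript:void(0)", "Data:text/html,x", "https://example.com/"];
    for url in samples {
        println!(
            "{:<24} case-sensitive={:<5} case-insensitive={}",
            url,
            is_unsafe_case_sensitive(url),
            is_unsafe_case_insensitive(url)
        );
    }
    println!("missed by flawed check: {:?}", missed_by_flawed_check(&samples));
}
```
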