CVE-2021-27671

Name of the Vulnerable Software and Affected Versions comrak crate versions prior to 0.9.1

Description An issue in the comrak crate allows cross-site scripting (XSS) to occur due to a case-sensitive protection mechanism for data: and javascript: URIs. This enables attackers to use variations like Data: to launch an attack.

Recommendations For versions prior to 0.9.1, update to version 0.9.1 or later to resolve the issue. As a temporary workaround, consider implementing case-insensitive matching for unsafe URL prefixes, such as data: or javascript:, to prevent exploitation.