Moderate severityNVD Advisory· Published Jan 11, 2021· Updated Feb 13, 2025
Injection in Redcarpet
CVE-2020-26298
Description
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escape_html option was being used. This is fixed in version 3.5.1 by the referenced commit.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
redcarpetRubyGems | < 3.5.1 | 3.5.1 |
Affected products
88- ghsa-coords88 versionspkg:gem/redcarpetpkg:rpm/suse/ardana-ansible&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ardana-ansible&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/ardana-ansible&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-monasca&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ardana-monasca&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/ardana-monasca&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/crowbar-openstack&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/documentation-hpe-helion-openstack-installation&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/documentation-hpe-helion-openstack-operations&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/documentation-hpe-helion-openstack-opsconsole&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/documentation-hpe-helion-openstack-planning&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/documentation-hpe-helion-openstack-security&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/documentation-hpe-helion-openstack-user&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/documentation-suse-openstack-cloud-deployment&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/documentation-suse-openstack-cloud-installation&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-operations&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-opsconsole&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-planning&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-security&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-supplement&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-supplement&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/documentation-suse-openstack-cloud-upstream-admin&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-upstream-admin&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/documentation-suse-openstack-cloud-upstream-user&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-upstream-user&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/documentation-suse-openstack-cloud-user&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/influxdb&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/influxdb&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/kibana&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/kibana&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-ec2-api&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-ec2-api&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-ec2-api&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-ec2-api&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-ec2-api&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-heat-gbp&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-heat-gbp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-heat-templates&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-heat-templates&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-heat-templates&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-heat-templates&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-heat-templates&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-horizon-plugin-gbp-ui&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-horizon-plugin-gbp-ui&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-neutron-gbp&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-neutron-gbp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-Django&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-Django&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-Django&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-eventlet&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-eventlet&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-monasca-common&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-monasca-common&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-monasca-common&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/rubygem-puma&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/rubygem-puma&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/rubygem-redcarpet&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/rubygem-redcarpet&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/venv-openstack-barbican&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-cinder&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-designate&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-glance&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-heat&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-heat&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-heat&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-horizon-hpe&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-ironic&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-keystone&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-magnum&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-manila&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-monasca&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-monasca&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-monasca&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-neutron&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-nova&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-octavia&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-sahara&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-swift&distro=SUSE%20OpenStack%20Cloud%209
< 3.5.1+ 87 more
- (no CPE)range: < 3.5.1
- (no CPE)range: < 8.0+git.1632499354.a56668f-3.82.1
- (no CPE)range: < 8.0+git.1632499354.a56668f-3.82.1
- (no CPE)range: < 9.0+git.1628097238.f6cbb0e-3.29.1
- (no CPE)range: < 8.0+git.1627997000.6c3bc04-3.30.1
- (no CPE)range: < 8.0+git.1627997000.6c3bc04-3.30.1
- (no CPE)range: < 9.0+git.1627995376.30bdf85-3.25.1
- (no CPE)range: < 6.0+git.1630614261.26948f746-3.37.2
- (no CPE)range: < 8.20210806-1.35.1
- (no CPE)range: < 8.20210806-1.35.1
- (no CPE)range: < 8.20210806-1.35.1
- (no CPE)range: < 8.20210806-1.35.1
- (no CPE)range: < 8.20210806-1.35.1
- (no CPE)range: < 8.20210806-1.35.1
- (no CPE)range: < 8.20210806-1.35.1
- (no CPE)range: < 8.20210806-1.35.1
- (no CPE)range: < 8.20210806-1.35.1
- (no CPE)range: < 8.20210806-1.35.1
- (no CPE)range: < 8.20210806-1.35.1
- (no CPE)range: < 8.20210806-1.35.1
- (no CPE)range: < 8.20210806-1.35.1
- (no CPE)range: < 8.20210806-1.35.1
- (no CPE)range: < 8.20210806-1.35.1
- (no CPE)range: < 8.20210806-1.35.1
- (no CPE)range: < 8.20210806-1.35.1
- (no CPE)range: < 8.20210806-1.35.1
- (no CPE)range: < 8.20210806-1.35.1
- (no CPE)range: < 1.3.8-4.6.1
- (no CPE)range: < 1.3.8-4.6.1
- (no CPE)range: < 4.6.6-4.12.1
- (no CPE)range: < 4.6.6-4.12.1
- (no CPE)range: < 13.0.10~dev23-3.31.2
- (no CPE)range: < 13.0.10~dev23-3.31.2
- (no CPE)range: < 5.0.1~dev12-4.9.1
- (no CPE)range: < 5.0.1~dev12-4.9.1
- (no CPE)range: < 7.1.1~dev6-3.3.2
- (no CPE)range: < 5.0.1~dev12-4.9.1
- (no CPE)range: < 7.1.1~dev6-3.3.2
- (no CPE)range: < 12.0.1~dev4-3.6.1
- (no CPE)range: < 12.0.1~dev4-3.6.1
- (no CPE)range: < 0.0.0+git.1628179051.7d761bf-3.24.1
- (no CPE)range: < 0.0.0+git.1628179051.7d761bf-3.24.1
- (no CPE)range: < 0.0.0+git.1628179051.7d761bff-3.12.1
- (no CPE)range: < 0.0.0+git.1628179051.7d761bf-3.24.1
- (no CPE)range: < 0.0.0+git.1628179051.7d761bff-3.12.1
- (no CPE)range: < 12.0.1~dev5-3.6.1
- (no CPE)range: < 12.0.1~dev5-3.6.1
- (no CPE)range: < 14.2.1~dev7-3.25.2
- (no CPE)range: < 14.2.1~dev7-3.25.2
- (no CPE)range: < 14.0.1~dev19-3.28.1
- (no CPE)range: < 14.0.1~dev19-3.28.1
- (no CPE)range: < 18.3.1~dev91-3.40.1
- (no CPE)range: < 18.3.1~dev91-3.40.1
- (no CPE)range: < 1.11.29-3.28.1
- (no CPE)range: < 1.11.29-3.28.1
- (no CPE)range: < 1.11.29-3.28.1
- (no CPE)range: < 0.20.0-8.3.1
- (no CPE)range: < 0.20.0-8.3.1
- (no CPE)range: < 2.3.1~dev4-4.9.1
- (no CPE)range: < 2.3.1~dev4-4.9.1
- (no CPE)range: < 2.3.1~dev4-4.9.1
- (no CPE)range: < 2.16.0-3.15.1
- (no CPE)range: < 2.16.0-4.15.1
- (no CPE)range: < 3.2.3-3.3.1
- (no CPE)range: < 3.2.3-4.3.1
- (no CPE)range: < 7.0.1~dev24-3.25.1
- (no CPE)range: < 13.0.10~dev23-3.28.1
- (no CPE)range: < 7.0.2~dev2-3.25.1
- (no CPE)range: < 17.0.1~dev30-3.23.1
- (no CPE)range: < 9.0.8~dev22-12.35.1
- (no CPE)range: < 9.0.8~dev22-12.35.1
- (no CPE)range: < 11.0.4~dev4-3.25.1
- (no CPE)range: < 12.0.5~dev6-14.38.2
- (no CPE)range: < 14.1.1~dev11-4.29.1
- (no CPE)range: < 12.0.5~dev6-14.38.1
- (no CPE)range: < 11.1.5~dev17-4.23.1
- (no CPE)range: < 14.2.1~dev7-3.26.1
- (no CPE)range: < 7.2.1~dev1-4.25.1
- (no CPE)range: < 7.4.2~dev60-3.31.1
- (no CPE)range: < 1.8.2~dev3-3.25.1
- (no CPE)range: < 2.2.2~dev1-11.30.1
- (no CPE)range: < 2.2.2~dev1-11.30.1
- (no CPE)range: < 2.7.1~dev10-3.23.1
- (no CPE)range: < 13.0.8~dev164-6.29.1
- (no CPE)range: < 18.3.1~dev91-3.29.1
- (no CPE)range: < 3.2.3~dev7-4.25.1
- (no CPE)range: < 9.0.2~dev15-3.25.1
- (no CPE)range: < 2.19.2~dev48-2.20.1
Patches
Vulnerability mechanics
References
14- github.com/advisories/GHSA-q3wr-qw3g-3p4hghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFMYDIONVWATY7EB6EARDVXT47AYCRNM/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNO4ZZUPGAEUXKQL4G2HRIH7CUZKPCT6/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXNNWHHAPREDM3XJDACYRTK7DBMUONBI/mitrevendor-advisory
- nvd.nist.gov/vuln/detail/CVE-2020-26298ghsaADVISORY
- www.debian.org/security/2021/dsa-4831ghsavendor-advisoryWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/redcarpet/CVE-2020-26298.ymlghsaWEB
- github.com/vmg/redcarpet/blob/master/CHANGELOG.mdghsaWEB
- github.com/vmg/redcarpet/commit/a699c82292b17c8e6a62e1914d5eccc252272793ghsaWEB
- lists.debian.org/debian-lts-announce/2021/01/msg00014.htmlghsamailing-listWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFMYDIONVWATY7EB6EARDVXT47AYCRNMghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNO4ZZUPGAEUXKQL4G2HRIH7CUZKPCT6ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXNNWHHAPREDM3XJDACYRTK7DBMUONBIghsaWEB
- rubygems.org/gems/redcarpetghsaWEB
News mentions
0No linked articles in our index yet.