VYPR
Moderate severityNVD Advisory· Published Jan 11, 2021· Updated Feb 13, 2025

Injection in Redcarpet

CVE-2020-26298

Description

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escape_html option was being used. This is fixed in version 3.5.1 by the referenced commit.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
redcarpetRubyGems
< 3.5.13.5.1

Affected products

88

Patches

Vulnerability mechanics

References

14

News mentions

0

No linked articles in our index yet.