RubyGems package
RedCloth
pkg:gem/RedCloth
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-31606 | — | | | < 4.3.3 | 4.3.3 | Jun 6, 2023 | A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. |
| CVE-2012-6684 | — | | | < 4.3.0 | 4.3.0 | Jan 8, 2015 | Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI. |