VYPR

RubyGems package

RedCloth

pkg:gem/RedCloth

Vulnerabilities (2)

  • CVE-2023-31606 (Jun 6, 2023)
    affected < 4.3.3, fixed 4.3.3

    A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

  • CVE-2012-6684 (Jan 8, 2015)
    affected < 4.3.0, fixed 4.3.0

    Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI.