VYPR

RubyGems package

redcarpet

pkg:gem/redcarpet

Vulnerabilities (2)

  • CVE-2020-26298Jan 11, 2021
    affected < 3.5.1fixed 3.5.1

    Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the

  • CVE-2015-5147Jul 14, 2015
    affected >= 3.3.0, < 3.3.2fixed 3.3.2

    Stack-based buffer overflow in the header_anchor function in the HTML renderer in Redcarpet before 3.3.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.