RubyGems package
redcarpet
pkg:gem/redcarpet
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-26298 | — | < 3.5.1 | 3.5.1 | Jan 11, 2021 | Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the | ||
| CVE-2015-5147 | — | >= 3.3.0, < 3.3.2 | 3.3.2 | Jul 14, 2015 | Stack-based buffer overflow in the header_anchor function in the HTML renderer in Redcarpet before 3.3.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. |
- CVE-2020-26298Jan 11, 2021affected < 3.5.1fixed 3.5.1
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the
- CVE-2015-5147Jul 14, 2015affected >= 3.3.0, < 3.3.2fixed 3.3.2
Stack-based buffer overflow in the header_anchor function in the HTML renderer in Redcarpet before 3.3.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.