rpm package
Package: ruby3.2-rubygem-kramdown (openSUSE Tumbleweed)
pkg:rpm/opensuse/ruby3.2-rubygem-kramdown&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-28834 | — | — | — | < 2.4.0-1.8 | 2.4.0-1.8 | Mar 19, 2021 | Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. |
| CVE-2020-14001 | — | — | — | < 2.4.0-1.8 | 2.4.0-1.8 | Jul 17, 2020 | The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). |
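Both entries above concern options that a kramdown document can set about itself from inside the document, via the inline extension `{::options key="value" /}`; CVE-2020-14001 is the case where the `template` key was honoured from untrusted input. The following Ruby pre-filter is an added example, not kramdown's code and not part of this package listing: it scans a Markdown document for inline option directives before the converter sees it, reports every key set that way, and marks `template` as the known-dangerous key. The `DANGEROUS_KEYS` table and the `Finding` struct are this example's own conventions, and the sample document is constructed to mirror the two patterns quoted in the advisory text. Note that the "Fixed in" column above is the openSUSE package build (2.4.0-1.8), not the upstream gem versions (2.3.0 and 2.3.1) named in the descriptions.

```ruby
# Added example (not kramdown's own code): pre-screen untrusted Markdown for
# kramdown inline option directives before handing it to the converter.
#
# kramdown lets a document set parser/converter options inline with
#   {::options key="value" /}
# Before kramdown 2.3.0 the `template` key was honoured from inside the
# document (CVE-2020-14001), so a reader-controlled document could point the
# converter at an arbitrary file or at an ERB string. This scanner reports
# every inline options block and flags `template` as a known-dangerous key.

# One {::options ... /} block; `.*?` spans newlines because of /m.
INLINE_OPTIONS_RE = /\{::options\s+(?<body>.*?)\s*\/\}/m

# Keys we refuse from inside a document (assumption: list maintained here,
# not a kramdown API). kramdown's own fix models this as the
# `forbidden_inline_options` converter option.
DANGEROUS_KEYS = {
  "template" => "CVE-2020-14001: file read or ERB execution via template=",
}.freeze

Finding = Struct.new(:line, :key, :value, :dangerous, :note)

# Parse the key="value" pairs inside one {::options ... /} body.
def parse_inline_options(body)
  body.scan(/([A-Za-z_][A-Za-z0-9_]*)\s*=\s*"((?:\\.|[^"\\])*)"/).map do |k, v|
    [k, v.gsub('\"', '"')]
  end
end

# Return one Finding per option set inline anywhere in +markdown+.
def scan_inline_options(markdown)
  findings = []
  markdown.scan(INLINE_OPTIONS_RE) do
    m = Regexp.last_match
    line = markdown[0, m.begin(0)].count("\n") + 1
    parse_inline_options(m[:body]).each do |key, value|
      note = DANGEROUS_KEYS[key]
      findings << Finding.new(line, key, value, !note.nil?, note)
    end
  end
  findings
end

# True if the document tries to set a key we treat as dangerous.
def unsafe_document?(markdown)
  scan_inline_options(markdown).any?(&:dangerous)
end

if __FILE__ == $0
  # Constructed sample input mirroring the advisory's two template patterns.
  sample = <<~MD
    # Release notes
    {::options auto_ids="false" /}
    Some text.
    {::options template="/etc/passwd" /}
    {::options template="string://<%= `id` %>" /}
  MD
  scan_inline_options(sample).each do |f|
    flag = f.dangerous ? "DANGEROUS" : "review"
    puts format("line %d: %s=%p [%s]%s", f.line, f.key, f.value, flag,
                f.note ? " #{f.note}" : "")
  end
  puts(unsafe_document?(sample) ? "REJECT" : "ok")
end
```

Run it on a document from an untrusted source and reject (or strip the directives from) anything `unsafe_document?` flags; keys other than `template` are reported for review because the second entry above shows that other inline-settable options (the Rouge formatter selection) have also carried security impact. On a patched kramdown the converter itself refuses inline `template` through `forbidden_inline_options`, so this filter is defence in depth for the period before the package update lands, not a replacement for it.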