Search CVE reports
Some fixes available 1 of 9
Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.
3 affected packages
kramdown, ruby-kramdown-rfc2629, ruby-kramdown
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kramdown | — | Not in release | Not in release | Not in release |
| ruby-kramdown-rfc2629 | — | Not affected | Not affected | Not affected |
| ruby-kramdown | — | Not affected | Fixed | Not affected |
Some fixes available 12 of 14
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a...
1 affected package
ruby-kramdown
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ruby-kramdown | Fixed | Fixed | Fixed | Vulnerable |