Search CVE reports
CVE-2021-28834
Medium priority
Some fixes available 1 of 9
Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.
3 affected packages
kramdown, ruby-kramdown, ruby-kramdown-rfc2629
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
kramdown | — | Not in release | Not in release | Not in release | Not in release |
ruby-kramdown | — | Not affected | Fixed | Not affected | Not affected |
ruby-kramdown-rfc2629 | — | Not affected | Not affected | Not affected | Not affected |
CVE-2020-14001
Medium priority
Some fixes available 10 of 12
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a...
1 affected package
ruby-kramdown
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ruby-kramdown | Fixed | Fixed | Fixed | Vulnerable | Vulnerable |