Search CVE reports
1 – 2 of 2 results
CVE-2021-28834
Medium prioritySome fixes available 1 of 9
Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.
3 affected packages
kramdown, ruby-kramdown, ruby-kramdown-rfc2629
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| kramdown | — | Not in release | Not in release | Not in release | Not in release |
| ruby-kramdown | — | Not affected | Fixed | Not affected | Not affected |
| ruby-kramdown-rfc2629 | — | Not affected | Not affected | Not affected | Not affected |
CVE-2020-14001
Medium prioritySome fixes available 9 of 11
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a...
1 affected packages
ruby-kramdown
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby-kramdown | Fixed | Fixed | Fixed | Vulnerable | Vulnerable |