18 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-14001
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as...
ruby3.4-rubygem-kramdown-2.4.0-1.15 on GA media (moderate)
ruby3.4-rubygem-kramdown-2.4.0-1.15 on GA media Announcement ID: openSUSE-SU-2025:15119-1 Rating: moderate Cross-References: CVE-2020-14001 CVE-2021-28834 CVSS scores: CVE-2020-14001 SUSE : 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L CVE-2021-28834 SUSE : 9.8...
SUSE CVE-2020-14001
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...
openSUSE: Security Advisory for rubygem-kramdown (SUSE-SU-2022:3259-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLES15: ruby2.5-rubygem-kramdown / ruby2.5-rubygem-kramdown-doc / etc (SUSE-SU-2022:3259-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3259-1 advisory. - CVE-2020-14001: Fixed processing template options inside documents allowing unintended read access or embedded Ruby code execution...
Ubuntu 20.10 : kramdown vulnerability (USN-4562-2)
The remote Ubuntu 20.10 host has packages installed that are affected by a vulnerability as referenced in the USN-4562-2 advisory. kramdown could be made to crash, run programs, or leak sensitive information if it opened a specially crafted file. Tenable has extracted the preceding description...
Fedora 31 : rubygem-kramdown (2020-5c70d97eca)
A security flaw was found on ruby kramdown which may lead to unintended code execution. THis vulnerability is now assigned as CVE-2020-14001 . This new rpm should fix this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update syste...
Fedora: Security Advisory for rubygem-kramdown (FEDORA-2020-5c70d97eca)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for rubygem-kramdown (FEDORA-2020-f6eee9a2d3)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 32 : rubygem-kramdown (2020-f6eee9a2d3)
A security flaw was found on ruby kramdown which may lead to unintended code execution. This vulnerability is now assigned as CVE-2020-14001 . This new rpm should fix this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update syste...
Debian: Security Advisory (DLA-2316-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 4743-1] ruby-kramdown security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4743-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 10, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4743-1] ruby-kramdown security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4743-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 10, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2316-1] ruby-kramdown security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2316-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA August 08, 2020 https://wiki.debian.org/LTS -...
CVE-2020-14001
The vulnerability CVE-2020-14001 affects the kramdown Ruby gem prior to 2.3.0, where the template option is processed by default in Kramdown documents. This can allow unintended read access (e.g., template="/etc/passwd") or unintended embedded Ruby code execution (e.g., template="string://<%= ...
CVE-2020-14001
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...
FreeBSD : kramdown -- template option vulnerability (20b46222-c12b-11ea-abe8-08002728f74c)
kramdown news : CVE-2020-14001 is addressed to avoid problems when using the ::options / extension together with the 'template' option. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2020...
kramdown -- template option vulnerability
kramdown news: CVE-2020-14001 is addressed to avoid problems when using the ::options / extension together with the 'template' option...