Lucene search
K

11 matches found

OpenVAS
OpenVAS
added 2023/05/10 12:0 a.m.17 views

Fedora: Security Advisory for rubygem-redcarpet (FEDORA-2023-8682a0e17d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS5.9AI score0.0157EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2023/05/10 12:0 a.m.11 views

Fedora: Security Advisory for rubygem-redcarpet (FEDORA-2023-44daa9c1d4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS5.9AI score0.0157EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/05/09 12:0 a.m.22 views

Fedora 37 : rubygem-redcarpet (2023-8682a0e17d)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8682a0e17d advisory. A security flow was found on redcarpet that escaping html was not properly done even if requested on some cases which may cause XSS vulnerability. This issue...

6.8CVSS6.4AI score0.0157EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/05/09 12:0 a.m.17 views

Fedora 38 : rubygem-redcarpet (2023-44daa9c1d4)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-44daa9c1d4 advisory. A security flow was found on redcarpet that escaping html was not properly done even if requested on some cases which may cause XSS vulnerability. This issue...

6.8CVSS6.4AI score0.0157EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/05/09 12:0 a.m.32 views

Fedora 36 : rubygem-redcarpet (2023-597f13ffb9)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-597f13ffb9 advisory. A security flow was found on redcarpet that escaping html was not properly done even if requested on some cases which may cause XSS vulnerability. This issue...

6.8CVSS6.4AI score0.0157EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:53 a.m.4 views

SUSE CVE-2020-26298

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...

5.4CVSS8AI score0.0157EPSS
Exploits0References5
OSV
OSV
added 2021/05/06 11:2 a.m.7 views

OESA-2021-1175 rubygem-redcarpet security update

A fast, safe and extensible Markdown to XHTML parser. Security Fixes: Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being perform...

6.8CVSS6.5AI score0.0157EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/01/20 12:0 a.m.23 views

Debian DSA-4831-1 : ruby-redcarpet - security update

Johan Smits discovered that ruby-redcarpet, a markdown parser, did not properly validate its input. This would allow an attacker to mount a cross-site scripting attack. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...

6.8CVSS6.4AI score0.0157EPSS
Exploits0References5
Debian
Debian
added 2021/01/15 1:9 p.m.74 views

[SECURITY] [DSA 4831-1] ruby-redcarpet security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4831-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 15, 2021 https://www.debian.org/security/faq -...

4.3CVSS1.9AI score0.0157EPSS
Exploits0
Debian
Debian
added 2021/01/15 10:34 a.m.63 views

[SECURITY] [DLA 2526-1] ruby-redcarpet security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-2526-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta January 15, 2021 https://wiki.debian.org/LTS -...

6.8CVSS5.9AI score0.0157EPSS
Exploits0
CVE
CVE
added 2021/01/11 12:0 a.m.115 views

CVE-2020-26298

CVE-2020-26298 affects the Redcarpet Ruby gem (rubygem-redcarpet) prior to 3.5.1, where HTML escaping was not performed for quotes, enabling a cross-site scripting (XSS) vector. The issue is fixed in version 3.5.1 (via the referenced commit); upgrading to 3.5.1 or newer mitigates the vulnerabilit...

6.8CVSS5.2AI score0.0157EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder