11 matches found
Fedora: Security Advisory for rubygem-redcarpet (FEDORA-2023-8682a0e17d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for rubygem-redcarpet (FEDORA-2023-44daa9c1d4)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 37 : rubygem-redcarpet (2023-8682a0e17d)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8682a0e17d advisory. A security flow was found on redcarpet that escaping html was not properly done even if requested on some cases which may cause XSS vulnerability. This issue...
Fedora 38 : rubygem-redcarpet (2023-44daa9c1d4)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-44daa9c1d4 advisory. A security flow was found on redcarpet that escaping html was not properly done even if requested on some cases which may cause XSS vulnerability. This issue...
Fedora 36 : rubygem-redcarpet (2023-597f13ffb9)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-597f13ffb9 advisory. A security flow was found on redcarpet that escaping html was not properly done even if requested on some cases which may cause XSS vulnerability. This issue...
SUSE CVE-2020-26298
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...
OESA-2021-1175 rubygem-redcarpet security update
A fast, safe and extensible Markdown to XHTML parser. Security Fixes: Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being perform...
Debian DSA-4831-1 : ruby-redcarpet - security update
Johan Smits discovered that ruby-redcarpet, a markdown parser, did not properly validate its input. This would allow an attacker to mount a cross-site scripting attack. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...
[SECURITY] [DSA 4831-1] ruby-redcarpet security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4831-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 15, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2526-1] ruby-redcarpet security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-2526-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta January 15, 2021 https://wiki.debian.org/LTS -...
CVE-2020-26298
CVE-2020-26298 affects the Redcarpet Ruby gem (rubygem-redcarpet) prior to 3.5.1, where HTML escaping was not performed for quotes, enabling a cross-site scripting (XSS) vector. The issue is fixed in version 3.5.1 (via the referenced commit); upgrading to 3.5.1 or newer mitigates the vulnerabilit...