Malicious code in asciidoctor_pdf-linewrap-ja (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

GHSA-QC9P-MJXM-J2WJ Asciidoctor Infinite Loop vulnerability

Asciidoctor in versions 1.5.8 allows remote attackers to cause a denial of service infinite loop. The loop was caused by the fact that Parser.nextblock was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detect...

Asciidoctor Infinite Loop vulnerability

Asciidoctor in versions 1.5.8 allows remote attackers to cause a denial of service infinite loop. The loop was caused by the fact that Parser.nextblock was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detect...

Asciidoctor Infinite Loop vulnerability

Asciidoctor in versions 1.5.8 allows remote attackers to cause a denial of service infinite loop. The loop was caused by the fact that Parser.nextblock was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detect...

Design/Logic Flaw

Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible...

CVE-2022-24803

CVE-2022-24803 concerns the Asciidoctor-include-ext extension (pre-0.4.0) that processes user-supplied input in AsciiDoc. The root cause is a command-injection risk in the include extension, allowing arbitrary system commands on the host OS, even when allow-uri-read is disabled. The issue is miti...

CVE-2022-24803 Command Injection vulnerability in asciidoctor-include-ext

Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible...

GHSA-V222-6MR4-QJ29 Command Injection vulnerability in asciidoctor-include-ext

Impact Applications using Asciidoctor Ruby with asciidoctor-include-ext prior to version 0.4.0, which render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when allow-uri-read is disable...

Command Injection vulnerability in asciidoctor-include-ext

Impact Applications using Asciidoctor Ruby with asciidoctor-include-ext prior to version 0.4.0, which render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when allow-uri-read is disable...

Asciidoctor 操作系统命令注入漏洞

Asciidoctor is a text processor written in Ruby by the Asciidoctor organization. The product supports converting AsciiDoc content to HTML5, DocBook, and other formats. An operating system command injection vulnerability exists in versions prior to Asciidoctor-include-ext 0.4.0 that could allow an...

Command Injection vulnerability in asciidoctor-include-ext

Impact Applications using Asciidoctor Ruby with asciidoctor-include-ext prior to version 0.4.0, which render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when allow-uri-read is disable...

GitLab: Kroki Arbitrary File Read/Write

Summary In short, I've found a potentially weird bug in asciidoctor that could lead to arbitrary file read/write in asciidoctor-kroki even though Gitlab have already made an attempt to disable kroki-plantuml-include lib/gitlab/asciidoc.rb rb module Gitlab Parser/renderer for the AsciiDoc format...

SUSE SLES12 Security Update : git (SUSE-SU-2020:0992-1)

This update for git fixes the following issues : Security issue fixed : CVE-2020-5260: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host bsc1168930. Non-security issue fixed : git was updated to 2.26.0 f...

Denial Of Service (DoS)

asciidoctor is vulnerable to Denial of Service DoS attacks. When an absolete callout list follows a list item, an infinite loop will be triggered, resulting in a system hang...

Asciidoctor Denial of Service Vulnerability

Asciidoctor is a text processor written in Ruby that supports converting AsciiDoc content to HTML5, DocBook and other formats. A security vulnerability exists in Asciidoctor version 1.5.7.1, which stems from Parsernextblock failing to use the 'while true' statement correctly. A remote attacker ca...

CVE-2018-18385

Asciidoctor in versions 1.5.8 allows remote attackers to cause a denial of service infinite loop. The loop was caused by the fact that Parser.nextblock was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detect...

Denial Of Service (DoS) Through Infinite Loop

asciidoctor is vulnerable to a denial of service DoS attack. The library does not parse successive special characters properly, allowing a malicious user to cause an infinite loop, crashing the application...

CVE-2018-18385

Asciidoctor in versions 1.5.8 allows remote attackers to cause a denial of service infinite loop. The loop was caused by the fact that Parser.nextblock was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detect...

DEBIAN-CVE-2018-18385

Asciidoctor in versions 1.5.8 allows remote attackers to cause a denial of service infinite loop. The loop was caused by the fact that Parser.nextblock was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detect...

CVE-2018-18385

Asciidoctor in versions 1.5.8 allows remote attackers to cause a denial of service infinite loop. The loop was caused by the fact that Parser.nextblock was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detect...