28 matches found
CVE-2026-4833
A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled recursion. The attack is restricted to local execution. The exploit has been made available to the...
UBUNTU-CVE-2026-4833
A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled recursion. The attack is restricted to local execution. The exploit has been made available to the...
CVE-2026-4833 Orc discount Markdown markdown.c compile recursion
A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled recursion. The attack is restricted to local execution. The exploit has been made available to the...
EUVD-2022-0618
Malicious code in bioql PyPI...
CVE-2024-25873
Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload...
The vulnerability of the `plain_text_for_blockquote_node` function in the Action Text interpreter for Ruby allows a hacker to trigger a service failure.
The vulnerability of the plaintextforblockquotenode function in the Action Text interpreter for Ruby is related to the use of a regular expression with high computational complexity. Exploiting this vulnerability could allow an attacker to cause service interruptions remotely...
SUSE CVE-2024-47888
Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the plaintextforblockquotenode helper in Action Text. Carefully crafted text can cause the...
DEBIAN-CVE-2024-47888
Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the plaintextforblockquotenode helper in Action Text. Carefully crafted text can cause the...
UBUNTU-CVE-2024-47888
Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the plaintextforblockquotenode helper in Action Text. Carefully crafted text can cause the...
CVE-2024-47888 Action Text has possible ReDoS vulnerability in plain_text_for_blockquote_node
Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the plaintextforblockquotenode helper in Action Text. Carefully crafted text can cause the...
Malicious code in extension-blockquote (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9613 Malicious code in extension-blockquote (npm)
--- -= Per source details. Do not edit below this line.=-...
Regular Expression Denial of Service (ReDoS)
Overview actiontext is a package to edit and display rich text in Rails applications. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS through the plaintextforblockquotenode helper function due to the usage of an insecure regular expression. By...
Ruby on Rails: Action Text ReDoS (Ruby 3.1 or lower)
A vulnerability was discovered in the ActionText component of the Rails web framework for Ruby versions 3.1 and lower. The vulnerability was caused by a Regular Expression Denial of Service ReDoS issue in the plaintextforblockquotenode method. This method was used in the...
CVE-2024-25873
Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload...
Design/Logic Flaw
Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload...
CVE-2024-25873
Enhavo v0.13.1 contains an HTML injection vulnerability in the Blockquote module’s Author text field that can execute arbitrary code via a crafted payload. Public sources identify the affected component (Author field in Blockquote) and the impact (arbitrary code execution). No explicit patches ar...
PT-2024-21177 · Enhavo · Enhavo
Name of the Vulnerable Software and Affected Versions: Enhavo version 0.13.1 Description: The issue is related to an HTML injection vulnerability in the Author text field under the Blockquote module. This allows attackers to execute arbitrary code via a crafted payload. Recommendations: For Enhav...
CVE-2024-25873
Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload...
CVE-2024-25873
Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload...