6 matches found
ruby3.4-rubygem-kramdown-2.4.0-1.15 on GA media (moderate)
ruby3.4-rubygem-kramdown-2.4.0-1.15 on GA media Announcement ID: openSUSE-SU-2025:15119-1 Rating: moderate Cross-References: CVE-2020-14001 CVE-2021-28834 CVSS scores: CVE-2020-14001 SUSE : 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L CVE-2021-28834 SUSE : 9.8...
Debian DSA-4890-1 : ruby-kramdown - security update
Stan Hu discovered that kramdown, a pure Ruby Markdown parser and converter, performed insufficient namespace validation of Rouge syntax highlighting formatters. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...
[SECURITY] [DSA 4890-1] ruby-kramdown security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4890-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 12, 2021 https://www.debian.org/security/faq -...
Fedora: Security Advisory for rubygem-kramdown (FEDORA-2021-edc673e864)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for rubygem-kramdown (FEDORA-2021-139a6a2f9d)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2021-28834
Kramdown before 2.3.1 does not constrain Rouge formatters to Rouge::Formatters, allowing arbitrary class instantiation and potential code execution. Exploitation details are not provided in the documents; affected packages include kramdown/ruby-kramdown across Linux distros (e.g., Fedora, Debian,...