CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

7 matches found

Tenable Nessus•added 2020/08/12 12:0 a.m.•23 views

Debian DSA-4743-1 : ruby-kramdown - security update

A flaw was discovered in ruby-kramdown, a fast, pure ruby, Markdown parser and converter, which could result in unintended read access to files or unintended embedded Ruby code execution when the ::options / extension is used together with the 'template' option. The update introduces a new option...

9.8CVSS8.5AI score0.0456EPSS

Exploits0References5

Tenable Nessus•added 2020/08/10 12:0 a.m.•27 views

Debian DLA-2316-1 : ruby-kramdown security update

ruby-kramdown processes the template option inside Kramdown documents by default, which allows unintended read access such as template='/etc/passwd' or unintended embedded Ruby code execution such as a string that begins with template='string://%= . NOTE: kramdown is used in Jekyll, GitLab Pages,...

9.8CVSS8AI score0.0456EPSS

Exploits0References4

UbuntuCve•added 2020/07/17 4:15 p.m.•23 views

CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...

9.8CVSS7.6AI score0.0456EPSS

Exploits0References9

Cvelist•added 2020/07/17 3:27 p.m.•13 views

CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...

9.4AI score0.0456EPSS

Exploits0References13

AlpineLinux•added 2020/07/17 3:27 p.m.•49 views

CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...

9.8CVSS9.6AI score0.0456EPSS

Debian CVE•added 2020/07/17 3:27 p.m.•24 views

CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...

9.8CVSS9.6AI score0.0456EPSS

RubySec•added 2020/06/28 12:0 a.m.•20 views

Unintended read access in kramdown gem

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...

9.8CVSS2.6AI score0.0456EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by