4 matches found
CVE-2021-41816
CGI.escapehtml in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where sizet and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby...
Denial Of Service (DoS)
ruby is vulnerable denial of service. an attacker can crash the application through the CGI.escapehtml by providing a very large string...
Cross-Site Scripting (XSS)
redcarpet is vulnerable to cross-site scripting. An attacker is able to inject and execute arbitrary Javascript code via quotes. This vulnerability exists even when .escapehtml option is applied...
CVE-2020-26298
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...