12 matches found
EUVD-2020-0635
Malware in sbrugna...
FreeBSD : Gitlab -- Multiple Vulnerabilities (a003b74f-d7b3-11ea-9df1-001b217b3468)
Gitlab reports : Arbitrary File Read when Moving an Issue Memory Exhaustion via Excessive Logging of Invite Email Error Denial of Service Through Project Import Feature User Controlled Git Configuration Settings Resulting in SSRF Stored XSS in Issue Reference Number Tooltip Stored XSS in Issues...
CVE-2020-14001
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...
CVE-2020-14001
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...
DEBIAN-CVE-2020-14001
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...
CVE-2020-14001
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...
CVE-2020-14001
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...
CVE-2020-14001
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...
CVE-2020-14001
The vulnerability CVE-2020-14001 affects the kramdown Ruby gem prior to 2.3.0, where the template option is processed by default in Kramdown documents. This can allow unintended read access (e.g., template="/etc/passwd") or unintended embedded Ruby code execution (e.g., template="string://<%= ...
CVE-2020-14001
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...
PT-2020-6146
Name of the Vulnerable Software and Affected Versions kramdown gem versions prior to 2.3.0 Description The issue exists due to the kramdown gem's failure to neutralize special elements, allowing a remote attacker to execute arbitrary code. This can lead to unintended read access or execution of...
Unintended read access in kramdown gem
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...