13 matches found
Unity Linux 20.1060e / 20.1070e Security Update: rubygem-kramdown (UTSA-2026-016633)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016633 advisory. Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. Tenable has extracted th...
Astra Linux - vulnerability in ruby-kramdown
Before version 2.3.1, Kramdown did not restrict Rouge formatters to the Rouge::Formatters namespace, allowing arbitrary classes to be instantiated...
USN-6424-1 ruby-kramdown vulnerability
It was discovered that kramdown did not restrict Rouge formatters to the correct namespace. An attacker could use this issue to cause kramdown to execute arbitrary code...
SUSE CVE-2021-28834
Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated...
OESA-2021-1159 rubygem-kramdown security update
The package is fast yet-another-markdown-parser, pure Ruby, using a strict syntax definition and supporting several common extensions. Security Fixes: Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be...
Remote code execution in Kramdown
Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated...
Arbitrary Code Execution
kramdown is vulnerable to arbitrary code execution. The package does not restrict Rouge formatters to the Rouge::Formatters namespace and allows arbitrary classes to be instantiated...
Deserialization of Untrusted Data
Overview: kramdown is a Yet-another-markdown-parser but fast, pure Ruby, using a strict syntax definition and supporting several common extensions. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. Kramdown does not restrict Rouge formatters to the...
DEBIAN-CVE-2021-28834
Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated...
CVE-2021-28834
Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated...
UBUNTU-CVE-2021-28834
Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated...
CVE-2021-28834
Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated...
PT-2021-5816
Name of the Vulnerable Software and Affected Versions: Kramdown versions prior to 2.3.1. Description: The issue is related to the lack of restriction of Rouge formatters to the Rouge::Formatters namespace, allowing arbitrary classes to be instantiated. This could potentially enable a remote attacker...