
18 matches found

Tenable Nessus
added 2026/05/22 12:0 a.m. | 4 views

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-kramdown (UTSA-2026-016633)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016633 advisory. Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. Tenable has extracted th...

CVSS 9.8 | AI score 7.4 | EPSS 0.0259
Exploits: 1 | References: 4

Tenable Nessus
added 2026/05/22 12:0 a.m. | 5 views

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-kramdown (UTSA-2026-016646)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016646 advisory. The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as...

CVSS 9.8 | AI score 7.4 | EPSS 0.07509
Exploits: 0 | References: 4

OSV
added 2024/06/15 12:0 a.m. | 3 views

OPENSUSE-SU-2024:11336-1 ruby2.7-rubygem-kramdown-2.3.1-1.3 on GA media

These are all security issues fixed in the ruby2.7-rubygem-kramdown-2.3.1-1.3 package on the GA media of openSUSE Tumbleweed...

CVSS 9.8 | AI score 9.6 | EPSS 0.07509
Exploits: 1 | References: 2

Tenable Nessus
added 2022/09/13 12:0 a.m. | 22 views

SUSE SLES15 Security Update : rubygem-kramdown (SUSE-SU-2022:3259-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3259-1 advisory. - The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read...

CVSS 9.8 | AI score 8.3 | EPSS 0.07509
Exploits: 0 | References: 4

OpenVAS
added 2022/09/13 12:0 a.m. | 12 views

openSUSE: Security Advisory for rubygem-kramdown (SUSE-SU-2022:3259-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 | AI score 9.6 | EPSS 0.07509
Exploits: 0 | References: 2

OpenVAS
added 2021/03/31 12:0 a.m. | 15 views

Fedora: Security Advisory for rubygem-kramdown (FEDORA-2021-4c57a892d1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.6 | EPSS 0.0259
Exploits: 1 | References: 2

OpenVAS
added 2021/03/31 12:0 a.m. | 14 views

Fedora: Security Advisory for rubygem-kramdown (FEDORA-2021-edc673e864)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 | AI score 9.6 | EPSS 0.0259
Exploits: 1 | References: 2

OpenVAS
added 2021/03/31 12:0 a.m. | 13 views

Fedora: Security Advisory for rubygem-kramdown (FEDORA-2021-edc673e864)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.6 | EPSS 0.0259
Exploits: 1 | References: 2

Tenable Nessus
added 2021/03/30 12:0 a.m. | 30 views

Fedora 32 : rubygem-kramdown (2021-edc673e864)

The remote Fedora 32 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-edc673e864 advisory. - Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. CVE-2021-28834...

CVSS 9.8 | AI score 8.4 | EPSS 0.0259
Exploits: 1 | References: 2

Tenable Nessus
added 2021/03/30 12:0 a.m. | 26 views

Fedora 33 : rubygem-kramdown (2021-4c57a892d1)

The remote Fedora 33 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-4c57a892d1 advisory. - Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. CVE-2021-28834...

CVSS 9.8 | AI score 8.4 | EPSS 0.0259
Exploits: 1 | References: 2

OpenVAS
added 2021/03/27 12:0 a.m. | 12 views

Fedora: Security Advisory for rubygem-kramdown (FEDORA-2021-139a6a2f9d)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 | AI score 9.6 | EPSS 0.0259
Exploits: 1 | References: 2

Fedora
added 2021/03/26 12:17 a.m. | 36 views

[SECURITY] Fedora 34 Update: rubygem-kramdown-2.3.1-1.fc34

kramdown is yet-another-markdown-parser but fast, pure Ruby, using a strict syntax definition and supporting several common extensions...

CVSS 9.8 | AI score 1.5 | EPSS 0.0259
Exploits: 1

RedhatCVE
added 2021/03/22 3:9 p.m. | 20 views

CVE-2021-28834

A flaw was found in rubygem-kramdown. Rouge is a syntax highlighter used by kramdown. Restriction of the Rouge formatters to the Rouge::Formatters namespace does not occur when Ruby's const_get method is called. This can lead to arbitrary classes being instantiated in situations where the...

CVSS 9.8 | AI score 2.4 | EPSS 0.0259
Exploits: 1 | References: 3

Fedora
added 2020/08/20 1:12 a.m. | 30 views

[SECURITY] Fedora 32 Update: rubygem-kramdown-2.1.0-3.fc32

kramdown is yet-another-markdown-parser but fast, pure Ruby, using a strict syntax definition and supporting several common extensions...

CVSS 9.8 | AI score 1.5 | EPSS 0.07509
Exploits: 0

OpenVAS
added 2020/08/20 12:0 a.m. | 19 views

Fedora: Security Advisory for rubygem-kramdown (FEDORA-2020-f6eee9a2d3)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 | AI score 9.6 | EPSS 0.07509
Exploits: 0 | References: 2

Tenable Nessus
added 2020/08/20 12:0 a.m. | 22 views

Fedora 32 : rubygem-kramdown (2020-f6eee9a2d3)

A security flaw was found on ruby kramdown which may lead to unintended code execution. This vulnerability is now assigned as CVE-2020-14001. This new rpm should fix this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update syste...

CVSS 9.8 | AI score 8.2 | EPSS 0.07509
Exploits: 0 | References: 2

OpenVAS
added 2020/08/20 12:0 a.m. | 15 views

Fedora: Security Advisory for rubygem-kramdown (FEDORA-2020-5c70d97eca)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 | AI score 9.6 | EPSS 0.07509
Exploits: 0 | References: 2

RedhatCVE
added 2020/07/20 7:37 p.m. | 24 views

CVE-2020-14001

A flaw was found in rubygem-kramdown in versions prior to 2.3.0. The template option allows unintended read access or embedded Ruby code execution which is enabled in Kramdown by default. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS 7.5 | AI score 4.8 | EPSS 0.07509
Exploits: 0 | References: 3