Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:25913
HistoryJul 20, 2020 - 2:58 a.m.

Remote Code Execution

2020-07-2002:58:36
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15
remote code execution
kramdown
software vulnerability

EPSS

0.013

Percentile

86.2%

kramdown is vulnerable to remote code execution. The vulnerability exists due to the lack of control over the values of kramdown template extension options.

Affected configurations

Vulners
Node
-icinga2\Match3.122.11.3-r0
OR
-icinga2\Matchedge2.11.3-r0
OR
-icinga2\Match3.122.11.3-r0
OR
-icinga2\Matchedge2.11.3-r0
OR
kramdownRange2.2.1
VendorProductVersionCPE
-icinga2\3.12cpe:2.3:a:-:icinga2\:3.12:2.11.3-r0:*:*:*:*:*:*:*
-icinga2\edgecpe:2.3:a:-:icinga2\:edge:2.11.3-r0:*:*:*:*:*:*:*
*kramdown*cpe:2.3:a:*:kramdown:*:*:*:*:*:*:*:*

References