kramdown is vulnerable to arbitrary code execution. The package does not restrict Rouge formatters to the Rouge::Formatters
namespace and allows arbitrary classes to be instantiated.
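As an added illustration (not kramdown's or Rouge's own code), the following Ruby shows a formatter lookup that is restricted to a single namespace: the name must be a bare constant, it is resolved with inheritance disabled so top-level classes such as Kernel or File are never found through the namespace, and the result must be a class defined under that namespace. The module Example::Formatters is a constructed stand-in for Rouge::Formatters.

```ruby
# Constructed stand-in for the Rouge::Formatters namespace (not the real gem).
module Example
  module Formatters
    class HTML; end
    class Terminal256; end
  end
end

# Resolves a user-supplied formatter name to a class, but only if that class
# is defined directly inside the formatter namespace.
def formatter_class(name, namespace = Example::Formatters)
  # Accept only a single bare constant name such as "HTML"; this excludes
  # "::Foo" and "A::B" style paths that would walk out of the namespace.
  unless name.is_a?(String) && name.match?(/\A[[:upper:]][[:alnum:]_]*\z/)
    raise ArgumentError, "invalid formatter name: #{name.inspect}"
  end

  # inherit = false: do not fall back to constants visible through Object,
  # which is how names like "Kernel" or "File" would otherwise resolve.
  unless namespace.const_defined?(name, false)
    raise NameError, "unknown formatter #{name} in #{namespace}"
  end
  klass = namespace.const_get(name, false)

  # Belt and braces: the resolved constant must be a Class whose fully
  # qualified name lies inside the namespace.
  unless klass.is_a?(Class) && klass.name.start_with?("#{namespace.name}::")
    raise NameError, "#{name} is not a formatter class"
  end
  klass
end

# Convenience predicate for callers that only want a yes/no answer.
def formatter_allowed?(name, namespace = Example::Formatters)
  formatter_class(name, namespace)
  true
rescue ArgumentError, NameError
  false
end
```

With this check in place, only "HTML" and "Terminal256" resolve; "Kernel", "File", nil and any "::"-qualified path are rejected.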
Name | Operator | Version
---|---|---
kramdown | le | 2.3.0
ruby-kramdown:sid | eq | 2.3.0-4
ruby-kramdown:buster | eq | 1.17.0-1+deb10u1
ruby-kramdown:bullseye | eq | 2.3.0-4
- bugs.launchpad.net/lxml/+bug/1888153
- bugzilla.redhat.com/show_bug.cgi?id=1941044
- github.com/gettalong/kramdown/compare/REL_2_3_0...REL_2_3_1
- github.com/gettalong/kramdown/pull/708
- gitlab.com/gitlab-org/gitlab/-/commit/179329b5c3c118924fb242dc449d06b4ed6ccb66
- lists.fedoraproject.org/archives/list/[email protected]/message/NJCJVYHPY6LNUFM6LYZIAUIYOMVT5QGV/
- lists.fedoraproject.org/archives/list/[email protected]/message/S3BBLUIDCUUR3NEE4NJLOCCAV3ALQ3O6/
- lists.fedoraproject.org/archives/list/[email protected]/message/SYOLQKFL6IJCQLBXV34Z4TI4O54GESPR/
- www.debian.org/security/2021/dsa-4890