Note: This list may be incomplete. Data is provided without warranty in its original format.
9.8
CVE-2021-28834
- EPSS 2.65%
- Published 19.03.2021 07:15:13
- Last modified 21.11.2024 06:00:17
Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.
9.8
CVE-2020-14001
- EPSS 9.35%
- Published 17.07.2020 16:15:11
- Last modified 21.11.2024 05:02:19
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins w...