Skip to main content

Kramdown

2 CVEs product

Monthly

CVE-2021-28834 Ruby CRITICAL POC PATCH Act Now

Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Kramdown Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-14001 Ruby CRITICAL PATCH Act Now

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Gitlab RCE Authentication Bypass Kramdown Debian Linux +2
NVD GitHub
CVSS 3.1
9.8
EPSS
4.6%
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Kramdown Fedora +1
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Gitlab RCE Authentication Bypass +4
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy