CVE-2020-14001: Home | kramdown

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.
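A defensive pre-render check for the behaviour described above, added here as an example and not taken from kramdown or the advisory: it flags `{::options ... /}` blocks that set `template` in untrusted Markdown and tests whether a given version falls in the affected range. The regexes only approximate kramdown's extension syntax, and `scan_document`, `vulnerable_version?` and the sample document are names and data constructed for illustration.

```ruby
require "rubygems" # Gem::Version is part of Ruby's standard distribution

# First kramdown release outside the affected range ("before 2.3.0").
FIXED_VERSION = Gem::Version.new("2.3.0")

# Approximation (assumption) of kramdown's options extension, {::options key="value" /}.
# Quoted values are consumed whole so a "}" inside a value does not end the match.
OPTIONS_EXT = /\{::options\b((?:"[^"]*"|'[^']*'|[^}"'])*)/m
TEMPLATE_ATTR = /\btemplate\s*=\s*(?:"([^"]*)"|'([^']*)')/

Finding = Struct.new(:line, :value, :kind)

# string:// values carry embedded Ruby (ERB); anything else names a file to read.
def classify_template(value)
  value.start_with?("string://") ? :inline_erb : :file_read
end

# Return one Finding per inline template option in an untrusted document.
def scan_document(text)
  findings = []
  text.scan(OPTIONS_EXT) do
    match = Regexp.last_match
    line = text[0...match.begin(0)].count("\n") + 1
    match[1].scan(TEMPLATE_ATTR) do |dq, sq|
      value = dq || sq
      findings << Finding.new(line, value, classify_template(value))
    end
  end
  findings
end

def vulnerable_version?(version)
  Gem::Version.new(version) < FIXED_VERSION
end

# Constructed sample document; the ERB body is a harmless placeholder.
SAMPLE = <<~'MD'
  # Post title

  {::options template="/etc/passwd" /}

  Prose that mentions template="x" outside an extension is ignored.

  {::options auto_ids="false" template='string://<%= 1 + 1 %>' /}
MD

scan_document(SAMPLE).each { |f| puts "line #{f.line}: #{f.kind} #{f.value.inspect}" }
```

A hit from the scanner on user-supplied content is worth rejecting or reviewing even on a fixed version, since it shows someone tried to set the option.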


Overview

If you want to get started with kramdown, have a look at the installation page to see how you can install it on your system. Then look through the documentation to find out how to actually use kramdown and its parsers/converters. The quick reference provides an overview of the syntax; if you need a more detailed description of the superset of Markdown that kramdown supports, the syntax page is the place to go!

Bugs, Forums, Mailing Lists

If you have found a bug, you should report it here. There is also the kramdown-users Google group if you have any questions!

Thanks

kramdown would not be possible without the prior work of many other people. I want to thank everyone involved with making Markdown such a nice markup language and especially the developers of other Markdown implementations because kramdown borrowed many ideas from existing packages.
