Описание
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.
Ссылки
- Third Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Vendor Advisory
- Release NotesVendor Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Vendor Advisory
- Release NotesVendor Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
Одно из
Одно из
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
Связанные уязвимости
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.
The kramdown gem before 2.3.0 for Ruby processes the template option i ...
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2