Описание
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escape_html option was being used. This is fixed in version 3.5.1 by the referenced commit.
Ссылки
- Third Party Advisory
- Release NotesThird Party Advisory
- PatchThird Party Advisory
- Mailing ListThird Party Advisory
- ProductThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Release NotesThird Party Advisory
- PatchThird Party Advisory
- Mailing ListThird Party Advisory
- ProductThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
EPSS
6.8 Medium
CVSS3
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
Связанные уязвимости
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit.
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit.
Redcarpet is a Ruby library for Markdown processing. In Redcarpet befo ...
Уязвимость библиотеки Ruby для парсинга Markdown в HTML Redcarpet, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю оказать воздействие на целостность защищаемой информации
EPSS
6.8 Medium
CVSS3
5.4 Medium
CVSS3
3.5 Low
CVSS2