Описание
Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.
A flaw was found in rubygem-kramdown. Rouge is a syntax highlighter used by kramdown. Restriction of the Rouge formatters to the Rouge::Formatters namespace does not occur when Ruby's const_get() method is called. This can lead to arbitrary classes being instantiated in situations where the application using kramdown, for example, accepts user input to select a Rogue syntax highlighter formatter. The highest threat from this vulnerability when exploited in a vulnerable configuration is to data confidentiality, integrity, and availability.
Отчет
Red Hat supported products are not affected by this flaw because they do not ship rubygem-kramdown.
Меры по смягчению последствий
Developers using rubygem-kramdown: Do not pass user or external input into custom Rouge formatter selection logic. All other users/system administrators: There is no known mitigation at this time.
Дополнительная информация
Статус:
9.8 Critical
CVSS3
Связанные уязвимости
Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.
Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.
Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge: ...
Уязвимость средств форматирования Rouge программы для грамматического разбора и преобразования формата Markdown Kramdown, связанная с применением входных данных с внешним управлением для выбора классов, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
9.8 Critical
CVSS3