Описание
mkdocs-include-markdown-plugin is an Mkdocs Markdown includer plugin. In versions 7.1.7 and below, there is a vulnerability where unvalidated input can collide with substitution placeholders. This issue is fixed in version 7.1.8.
There is an improper input validation flaw in the python mkdocs-include-markdown-plugin package. Under certain conditions placeholders are not properly validated and may collide with other data elements resulting in inconsistent output.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Assisted Installer for Red Hat OpenShift Container Platform 2 | rhai/assisted-installer-agent-rhel9 | Fix deferred | ||
| Assisted Installer for Red Hat OpenShift Container Platform 2 | rhai/assisted-installer-controller-rhel9 | Fix deferred | ||
| Assisted Installer for Red Hat OpenShift Container Platform 2 | rhai/assisted-installer-rhel9 | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-installer-agent-rhel9 | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-installer-controller-rhel9 | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-installer-rhel9 | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-service-8-rhel8 | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-service-9-rhel9 | Fix deferred | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-agent-installer-api-server-rhel9 | Fix deferred | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-agent-installer-csr-approver-rhel9 | Fix deferred |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
mkdocs-include-markdown-plugin is an Mkdocs Markdown includer plugin. In versions 7.1.7 and below, there is a vulnerability where unvalidated input can collide with substitution placeholders. This issue is fixed in version 7.1.8.
mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders
6.5 Medium
CVSS3