Lucene search
GoogleOSV:CVE-2021-28834HistoryMar 19, 2021 - 7:15 a.m.
CVE-2021-28834
2021-03-1907:15:13
Google
osv.dev
5
kramdown
version 2.3.1
rouge formatters
arbitrary classes
instantiation
security vulnerability
Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.
References
github.com/gettalong/kramdown/compare/REL_2_3_0...REL_2_3_1
github.com/gettalong/kramdown/pull/708
gitlab.com/gitlab-org/gitlab/-/commit/179329b5c3c118924fb242dc449d06b4ed6ccb66
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJCJVYHPY6LNUFM6LYZIAUIYOMVT5QGV/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S3BBLUIDCUUR3NEE4NJLOCCAV3ALQ3O6/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYOLQKFL6IJCQLBXV34Z4TI4O54GESPR/
www.debian.org/security/2021/dsa-4890
Related
nessus
nessus
Ubuntu 20.04 LTS : kramdown vulnerability (USN-6424-1)
2023-10-10 00:00:00
Fedora 33 : rubygem-kramdown (2021-4c57a892d1)
2021-03-30 00:00:00
Fedora 32 : rubygem-kramdown (2021-edc673e864)
2021-03-30 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: rubygem-kramdown-2.1.0-5.fc32
2021-03-30 14:30:30
[SECURITY] Fedora 34 Update: rubygem-kramdown-2.3.1-1.fc34
2021-03-26 00:17:59
[SECURITY] Fedora 33 Update: rubygem-kramdown-2.2.1-10.fc33
2021-03-30 14:31:02
redhatcve
redhatcve
CVE-2021-28834
2021-03-22 15:09:15
veracode
veracode
Arbitrary Code Execution
2021-03-22 04:53:04
ubuntucve
ubuntucve
CVE-2021-28834
2021-03-19 00:00:00
openvas
openvas
Fedora: Security Advisory for rubygem-kramdown (FEDORA-2021-4c57a892d1)
2021-03-31 00:00:00
Fedora: Security Advisory for rubygem-kramdown (FEDORA-2021-4c57a892d1)
2021-03-31 00:00:00
Debian: Security Advisory (DSA-4890-1)
2021-04-13 00:00:00
osv
osv
ruby-kramdown vulnerability
2023-10-10 04:39:08
ruby-kramdown - security update
2021-04-12 00:00:00
Remote code execution in Kramdown
2021-03-29 16:30:34
github
github
Remote code execution in Kramdown
2021-03-29 16:30:34
debiancve
debiancve
CVE-2021-28834
2021-03-19 07:15:13
cve
cve
CVE-2021-28834
2021-03-19 07:15:13
prion
prion
Design/Logic Flaw
2021-03-19 07:15:00
cvelist
cvelist
CVE-2021-28834
2021-03-19 06:51:15
debian
debian
[SECURITY] [DSA 4890-1] ruby-kramdown security update
2021-04-12 07:22:41
rubygems
rubygems
Remote code execution in Kramdown
2021-03-28 21:00:00
ubuntu
ubuntu
kramdown vulnerability
2023-10-10 00:00:00
nvd
nvd
CVE-2021-28834
2021-03-19 07:15:13
rosalinux
rosalinux
Advisory ROSA-SA-2021-1966
2021-07-02 18:06:34