Lucene search
Veracode Vulnerability DatabaseVERACODE:28967HistoryJan 12, 2021 - 6:01 a.m.
Cross-Site Scripting (XSS)
2021-01-1206:01:31
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.001 Low
EPSS
Percentile
33.5%
redcarpet is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary Javascript code via quotes. This vulnerability exists even when .escape_html option is applied.
| CPE | Name | Operator | Version |
|---|---|---|---|
| redcarpet | le | 3.5.0 | |
| ruby-redcarpet:sid | eq | 3.5.0-2+b1 | |
| ruby-redcarpet:buster | eq | 3.4.0-4+b1 | |
| ruby-redcarpet:bullseye | eq | 3.5.0-2+b1 |
References
github.com/advisories/GHSA-q3wr-qw3g-3p4h
github.com/vmg/redcarpet/blob/master/CHANGELOG.md#version-351-security
github.com/vmg/redcarpet/commit/a699c82292b17c8e6a62e1914d5eccc252272793
lists.debian.org/debian-lts-announce/2021/01/msg00014.html
rubygems.org/gems/redcarpet
www.debian.org/security/2021/dsa-4831
Related
nessus
nessus
Fedora 36 : rubygem-redcarpet (2023-597f13ffb9)
2023-05-09 00:00:00
Debian DSA-4831-1 : ruby-redcarpet - security update
2021-01-20 00:00:00
Fedora 37 : rubygem-redcarpet (2023-8682a0e17d)
2023-05-09 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: rubygem-redcarpet-3.3.2-26.fc38
2023-05-09 01:58:17
[SECURITY] Fedora 37 Update: rubygem-redcarpet-3.3.2-26.fc37
2023-05-09 01:38:58
[SECURITY] Fedora 36 Update: rubygem-redcarpet-3.3.2-26.fc36
2023-05-09 01:03:16
debian
debian
[SECURITY] [DLA 2526-1] ruby-redcarpet security update
2021-01-15 10:34:09
[SECURITY] [DSA 4831-1] ruby-redcarpet security update
2021-01-15 13:09:33
[SECURITY] [DSA 4831-1] ruby-redcarpet security update
2021-01-15 13:09:33
redhatcve
redhatcve
CVE-2020-26298
2021-01-12 14:51:36
osv
osv
Injection/XSS in Redcarpet
2021-01-11 19:06:10
ruby-redcarpet - security update
2021-01-15 00:00:00
CVE-2020-26298
2021-01-11 19:15:13
openvas
openvas
Fedora: Security Advisory for rubygem-redcarpet (FEDORA-2023-8682a0e17d)
2023-05-10 00:00:00
Fedora: Security Advisory for rubygem-redcarpet (FEDORA-2023-44daa9c1d4)
2023-05-10 00:00:00
Debian: Security Advisory (DLA-2526-1)
2021-01-16 00:00:00
nvd
nvd
CVE-2020-26298
2021-01-11 19:15:13
cvelist
cvelist
CVE-2020-26298 Injection in Redcarpet
2021-01-11 00:00:00
prion
prion
Cross site scripting
2021-01-11 19:15:00
cve
cve
CVE-2020-26298
2021-01-11 19:15:13
github
github
Injection/XSS in Redcarpet
2021-01-11 19:06:10
debiancve
debiancve
CVE-2020-26298
2021-01-11 19:15:13
ubuntucve
ubuntucve
CVE-2020-26298
2021-01-11 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1966
2021-07-02 18:06:34