AVG-1709 log

Package ruby-kramdown
Status Fixed
Severity Medium
Type insufficient validation
Affected 2.3.0-1
Fixed 2.3.1-1
Current 2.3.1-2 [extra]
Ticket None
Created Fri Mar 19 11:54:05 2021
Issue Severity Remote Type Description
CVE-2021-28834 Medium No Insufficient validation
Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.