AVG-1709 log
| Package | ruby-kramdown |
| Status | Fixed |
| Severity | Medium |
| Type | insufficient validation |
| Affected | 2.3.0-1 |
| Fixed | 2.3.1-1 |
| Current | 2.4.0-1 [extra] |
| Ticket | None |
| Created | Fri Mar 19 11:54:05 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-28834 | Medium | No | Insufficient validation | Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. |