ruby-kramdown
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Fast, pure Ruby Markdown superset converter, using a strict syntax definition |
| Version | 2.3.1-2 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1709 | 2.3.0-1 | 2.3.1-1 | Medium | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-28834 | AVG-1709 | Medium | No | Insufficient validation | Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. |