Identifier

CVE-2020-14001

Package Slug

gem/kramdown

Vulnerability

Injection Vulnerability

Description

The kramdown gem processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution.

Affected Versions

All versions before 2.3.0

Solution

Upgrade to version 2.3.0 or above.
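
To check a project against the affected range above, the following added example (not part of the advisory or of kramdown's own code) reads a `Gemfile.lock` and flags any locked kramdown release older than 2.3.0. The function names are illustrative and the embedded lockfile is constructed sample data.

```ruby
require "rubygems"

# First fixed release, taken from the advisory text.
FIXED_VERSION = Gem::Version.new("2.3.0")

# Return every kramdown version pinned in the lockfile text.
# Resolved specs are indented four spaces ("    kramdown (1.17.0)");
# dependency constraints are indented six and are skipped, as are
# differently named gems such as kramdown-parser-gfm.
def locked_kramdown_versions(lock_text)
  lock_text.each_line.map do |line|
    m = line.match(/\A {4}kramdown \(([0-9][^)\s-]*)/)
    Gem::Version.new(m[1]) if m
  end.compact
end

# True when the version falls in "all versions before 2.3.0".
def affected?(version)
  version < FIXED_VERSION
end

# Pairs of [version string, affected?] for each locked kramdown entry.
def audit(lock_text)
  locked_kramdown_versions(lock_text).map { |v| [v.to_s, affected?(v)] }
end

# Constructed sample lockfile (not taken from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      jekyll (3.8.7)
        kramdown (~> 1.14)
      kramdown (1.17.0)

  DEPENDENCIES
    jekyll
LOCK

if __FILE__ == $PROGRAM_NAME
  # Pass a path to a real Gemfile.lock, or run with no argument for the sample.
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  audit(text).each do |version, bad|
    status = bad ? "AFFECTED by CVE-2020-14001, upgrade to >= 2.3.0" : "ok"
    puts "kramdown #{version}: #{status}"
  end
end
```

An empty result means kramdown is not locked in that file; it says nothing about copies installed outside Bundler.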

Last Modified

2020-07-24
