CVE-2020-26298

Cross-site Scripting in gem/redcarpet

Identifiers

CVE-2020-26298, GHSA-q3wr-qw3g-3p4h

Package Slug

gem/redcarpet

Vulnerability

Cross-site Scripting

Description

In Redcarpet there is an injection vulnerability which can enable a cross-site scripting attack. This applies even when the :escape_html option was being used.

Affected Versions

All versions before 3.5.1

Solution

Upgrade to version 3.5.1 or above.

Last Modified

2021-01-16

source