CVE-2020-26298, GHSA-q3wr-qw3g-3p4h
gem/redcarpet
Cross-site Scripting
In Redcarpet there is an injection vulnerability which can enable a cross-site scripting attack. This applies even when the :escape_html
option was being used.
All versions before 3.5.1
Upgrade to version 3.5.1 or above.
2021-01-16
source |