Filtered by vendor Redcarpet Project
Subscribe
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-26298 | 2 Debian, Redcarpet Project | 2 Debian Linux, Redcarpet | 2022-10-06 | 3.5 LOW | 5.4 MEDIUM |
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit. | |||||
CVE-2015-5147 | 1 Redcarpet Project | 1 Redcarpet | 2015-07-14 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the header_anchor function in the HTML renderer in Redcarpet before 3.3.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. |