Sha256: 14e6be208237fd2ea035f343ad23d45f8eedd3879e02b0db6201c5113cdfd702

Contents?: true

Size: 662 Bytes

Versions: 6

Compression:

Stored size: 662 Bytes

Contents

---
gem: redcarpet
osvdb: 120415
url: http://danlec.com/blog/bug-in-sundown-and-redcarpet
title: redcarpet Gem for Ruby markdown.c parse_inline() Function XSS
date: 2015-04-07
description: |
  redcarpet Gem for Ruby contains a flaw that allows a cross-site scripting
  (XSS) attack. This flaw exists because the parse_inline() function in
  markdown.c does not validate input before returning it to users. This may
  allow a remote attacker to create a specially crafted request that would
  execute arbitrary script code in a user's browser session within the trust
  relationship between their browser and the server.
cvss_v2:
patched_versions:
  - ">= 3.2.3"

Version data entries

6 entries across 6 versions & 2 rubygems

Version                 Path
bundler-audit-0.7.0.1   data/ruby-advisory-db/gems/redcarpet/OSVDB-120415.yml
bundler-budit-0.6.2     data/ruby-advisory-db/gems/redcarpet/OSVDB-120415.yml
bundler-budit-0.6.1     data/ruby-advisory-db/gems/redcarpet/OSVDB-120415.yml
bundler-audit-0.6.1     data/ruby-advisory-db/gems/redcarpet/OSVDB-120415.yml
bundler-audit-0.6.0     data/ruby-advisory-db/gems/redcarpet/OSVDB-120415.yml
bundler-audit-0.5.0     data/ruby-advisory-db/gems/redcarpet/OSVDB-120415.yml