Vulnerabilities > Kramdown Project

DATE	CVE	VULNERABILITY TITLE	RISK
2021-03-19	CVE-2021-28834	Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. network low complexity kramdown-project fedoraproject debian critical	9.8
2020-07-17	CVE-2020-14001	Missing Authorization vulnerability in multiple products The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). network low complexity kramdown-project debian fedoraproject canonical CWE-862 critical	9.8

Vulnerabilities > Kramdown Project {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Kramdown Project"}]}