kramdown could be made to execute arbitrary code if it received specially
crafted input.
Software Description:
- ruby-kramdown: Fast, pure-Ruby Markdown-superset converter - ruby library
Details:
It was discovered that kramdown did not restrict Rouge formatters to the
correct namespace. An attacker could use this issue to cause kramdown to
execute arbitrary code.
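As an added illustration (not kramdown's or Rouge's own code), the following shows why a formatter name from untrusted input must be resolved inside one namespace, and the Ruby detail that makes a half-measure fail: `Module#const_get` with the default `inherit=true` also searches `Object`, so names such as `Kernel` or `File` resolve through a module that is not their home. The `Formatters` stand-in module, `naive_lookup` and `safe_formatter` are constructed for this example.

```ruby
# Constructed stand-in for a formatter namespace (Rouge is not required).
module Formatters
  class HTML; end
  class Terminal256; end
end

# Lookup that looks namespace-scoped but is not: for a Module receiver,
# const_get with inherit=true falls back to Object, so "Kernel" or "File"
# resolve even though they are not defined under Formatters.
def naive_lookup(name)
  Formatters.const_get(name)
end

# Hardened lookup, returns the class or nil:
#  - only a bare constant name is accepted (const_get also parses "A::B"
#    paths from strings, which would allow walking out of the namespace),
#  - inherit=false disables the fallback to Object and its ancestors,
#  - the result must be a Class defined directly in the namespace.
def safe_formatter(name)
  name = name.to_s
  return nil unless name.match?(/\A[A-Z][A-Za-z0-9_]*\z/)
  return nil unless Formatters.const_defined?(name, false)
  klass = Formatters.const_get(name, false)
  return nil unless klass.is_a?(Class) && klass.name == "Formatters::#{name}"
  klass
end
```

The same check applies to any option that names a class to instantiate: whitelist the namespace with `inherit=false`, or better, map allowed names to classes in a fixed hash.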
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS:
- ruby-kramdown 1.17.0-4ubuntu0.2
In general, a standard system update will make all the necessary changes.
References:
- CVE-2021-28834