redcarpet on RubyGems
A fast, safe and extensible Markdown to (X)HTML parser
CVE History
CVE | Published | CVSS v2 | CVSS v3 |
---|---|---|---|
CVE-2020-26298 | 5.4 MEDIUM | 3.5 LOW | |
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit. |