Releases66
Frequency2 months 4 weeks
Last Release
Downloads242M
kramdown is yet-another-markdown-parser but fast, pure Ruby, using a strict syntax definition and supporting several common extensions.

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
< 2.3.19.8 CRITICAL6.8 MEDIUM

Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.

< 2.3.09.8 CRITICAL7.5 HIGH

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.