redcarpet
Releases75
Frequency2 months 1 week
Last Release
Downloads128M
A fast, safe and extensible Markdown to (X)HTML parser
CVE History
| CVE | Affected | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|---|
| < 3.5.1 | 6.8 MEDIUM | 3.5 LOW | ||
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit. | ||||
| <= 3.3.1 | — | 7.5 HIGH | ||
Stack-based buffer overflow in the header_anchor function in the HTML renderer in Redcarpet before 3.3.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | ||||