CVE 2020-14001
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template=
See the 
CVE page on Mitre.org
for more details.
Launchpad.net
References
- CONFIRM: https://github.com/get...
- CONFIRM: https://github.com/get...
- CONFIRM: https://kramdown.getta...
- MISC: https://github.com/get...
- MISC: https://kramdown.getta...
- MISC: https://rubygems.org/g...
- CONFIRM: https://security.netap...
- MLIST: [fluo-notifications] 2...
- MLIST: [debian-lts-announce] ...
- DEBIAN: DSA-4743
- FEDORA: FEDORA-2020-5c70d97eca
- FEDORA: FEDORA-2020-f6eee9a2d3
- UBUNTU: USN-4562-1
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
35a32c5
(Get the code!)