USN-4562-1: kramdown vulnerability
30 September 2020
kramdown could be made to crash, run programs, or leak sensitive information if it opened a specially crafted file.
- ruby-kramdown - Fast, pure-Ruby Markdown-superset converter - ruby library
It was discovered that kramdown insecurely handled certain crafted input. An attacker could use this vulnerability to read restricted files or execute arbitrary code.
- USN-4562-2: kramdown, ruby-kramdown