USN-4562-2: kramdown vulnerability
26 October 2020
kramdown could be made to crash, run programs, or leak sensitive information if it opened a specially crafted file.
- ruby-kramdown - Fast, pure-Ruby Markdown-superset converter - ruby library
It was discovered that kramdown insecurely handled certain crafted input. An
attacker could use this vulnerability to read restricted files or execute
- USN-4562-1: kramdown, ruby-kramdown