Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1xbTItY2dwci1wNG02
Unintended read access in kramdown gem
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.
Permalink: https://github.com/advisories/GHSA-mqm2-cgpr-p4m6
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1xbTItY2dwci1wNG02
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 3 years ago
Updated: 8 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-mqm2-cgpr-p4m6, CVE-2020-14001
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-14001
- https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde
- https://github.com/gettalong/kramdown/compare/REL_2_2_1...REL_2_3_0
- https://kramdown.gettalong.org
- https://kramdown.gettalong.org/news.html
- https://rubygems.org/gems/kramdown
- https://security.netapp.com/advisory/ntap-20200731-0004/
- https://lists.apache.org/thread.html/r96df7899fbb456fe2705882f710a0c8e8614b573fbffd8d12e3f54d2@%3Cnotifications.fluo.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2020/08/msg00014.html
- https://www.debian.org/security/2020/dsa-4743
- https://lists.fedoraproject.org/archives/list/[email protected]/message/ENMMGKHRQIZ3QKGOMBBBGB6B4LB5I7NQ/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/KBLTGBYU7NKOUOHDKVCU4GFZMGA6BP4L/
- https://usn.ubuntu.com/4562-1/
- https://github.com/advisories/GHSA-mqm2-cgpr-p4m6
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/kramdown/CVE-2020-14001.yml
Blast Radius: 55.7
Affected Packages
rubygems:kramdown
Dependent packages: 642
Dependent repositories: 485,485
Downloads: 147,360,519 total
Affected Version Ranges: < 2.3.0
Fixed in: 2.3.0
All affected versions: 0.1.0, 0.2.0, 0.3.0, 0.4.0, 0.5.0, 0.6.0, 0.7.0, 0.8.0, 0.9.0, 0.10.0, 0.11.0, 0.12.0, 0.13.1, 0.13.2, 0.13.3, 0.13.4, 0.13.5, 0.13.6, 0.13.7, 0.13.8, 0.14.0, 0.14.1, 0.14.2, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.2.0, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.4.0, 1.4.1, 1.4.2, 1.5.0, 1.6.0, 1.7.0, 1.8.0, 1.9.0, 1.10.0, 1.11.0, 1.11.1, 1.12.0, 1.13.0, 1.13.1, 1.13.2, 1.14.0, 1.15.0, 1.16.0, 1.16.1, 1.16.2, 1.17.0, 2.0.0, 2.1.0, 2.2.0, 2.2.1
All unaffected versions: 2.3.0, 2.3.1, 2.3.2, 2.4.0