- Vulnerability/
- USN-4562-1
USN-4562-1: kramdown vulnerability
First published: Wed Sep 30 2020(Updated: )
It was discovered that kramdown insecurely handled certain crafted input. An attacker could use this vulnerability to read restricted files or execute arbitrary code.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/kramdown | <1.17.0-4ubuntu0.1 | 1.17.0-4ubuntu0.1 |
| =20.04 | ||
| All of | ||
| ubuntu/ruby-kramdown | <1.17.0-4ubuntu0.1 | 1.17.0-4ubuntu0.1 |
| =20.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this kramdown vulnerability?
The vulnerability ID for this kramdown vulnerability is USN-4562-1.
How does the kramdown vulnerability impact the affected software?
The kramdown vulnerability allows an attacker to read restricted files or execute arbitrary code in the affected software.
Which versions of kramdown are affected by this vulnerability?
Versions up to and excluding 1.17.0-4ubuntu0.1 of kramdown are affected by this vulnerability.
How can I fix the kramdown vulnerability?
To fix the kramdown vulnerability, update to version 1.17.0-4ubuntu0.1 or later of the kramdown package.
Where can I find more information about the kramdown vulnerability?
You can find more information about the kramdown vulnerability in the Ubuntu Security Notices USN-4562-2 and on the Ubuntu security advisory page for CVE-2020-14001.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- anchor-related/USN-4562-2
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/20.04