- Vulnerability/
- USN-6424-1
USN-6424-1: kramdown vulnerability
First published: Tue Oct 10 2023(Updated: )
It was discovered that kramdown did not restrict Rouge formatters to the correct namespace. An attacker could use this issue to cause kramdown to execute arbitrary code.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/ruby-kramdown | <1.17.0-4ubuntu0.2 | 1.17.0-4ubuntu0.2 |
| =20.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for the kramdown vulnerability?
The vulnerability ID for the kramdown vulnerability is USN-6424-1.
What is the severity of the kramdown vulnerability?
The severity of the kramdown vulnerability is not specified in the information provided.
How does the kramdown vulnerability allow for arbitrary code execution?
The kramdown vulnerability allows for arbitrary code execution by not restricting Rouge formatters to the correct namespace.
What software is affected by the kramdown vulnerability?
The software affected by the kramdown vulnerability is ruby-kramdown version 1.17.0-4ubuntu0.2 on Ubuntu 20.04.
How can I fix the kramdown vulnerability?
To fix the kramdown vulnerability, upgrade to version 1.17.0-4ubuntu0.2 of the ruby-kramdown package.
- agent/severity
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/title
- agent/references
- agent/tags
- agent/description
- agent/event
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/20.04