Security Advisory

CVE-2020-26298

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-01-11 00:00:00

Last updated 2025-02-13 16:27:42

Assigner GitHub_M

State PUBLISHED

Description

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit.

← Browse all CVEs View on cve.org ↗