2021-03-19 06:51:15
mitre
PUBLISHED
Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.