Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2020-14001: Unintended read access in kramdown gem #1579

Closed
wenbozhu opened this issue Aug 10, 2020 · 0 comments · Fixed by #1581
Closed

CVE-2020-14001: Unintended read access in kramdown gem #1579

wenbozhu opened this issue Aug 10, 2020 · 0 comments · Fixed by #1581
Assignees
@johanbrandhorst

Comments

@wenbozhu
Copy link

🚀 vulnerable dependency in the repository

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.
@johanbrandhorst johanbrandhorst self-assigned this Aug 11, 2020
johanbrandhorst added a commit that referenced this issue Aug 11, 2020
@johanbrandhorst
Update github-pages
f115f2e 
Fixes #1579
@johanbrandhorst johanbrandhorst mentioned this issue Aug 11, 2020
Merged
johanbrandhorst added a commit that referenced this issue Aug 11, 2020
@johanbrandhorst
Update github-pages
7fa3415 
Fixes #1579
johanbrandhorst added a commit that referenced this issue Aug 11, 2020
@johanbrandhorst
Update github-pages
9b60729 
Fixes #1579
johanbrandhorst added a commit that referenced this issue Aug 11, 2020
@johanbrandhorst
Update gems v2 (#1582)
50c892c 
* Update github-pages

Fixes #1579

* Change HTTPBody formatting to avoid mustache expansion
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@johanbrandhorst johanbrandhorst

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update github-pages grpc-ecosystem/grpc-gateway
2 participants
@wenbozhu @johanbrandhorst