CVE-2020-26298 – Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, th …

11 January 2021

Vuln ID: CVE-2020-26298

Published: 2021-01-11 19:15:13Z

Description: Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit.

Source: NVD.NIST.GOV

Date:

11 January 2021

Categorie(s):

NVD

Tag(s):

NVD

7-Year-Old 0-Day in Microsoft Office Exploited to Drop Cobalt Strike27 April 2024
AI Helps Improve About Managed Detection and Response26 April 2024
TikTok, Flowmon, Cisco, Brokewell, RuggedCom, Deepfakes, Non-Competes, Aaran Leyland – SWN #38126 April 2024
Impact of organizational structure on ransomware outcomes: Where does your org fit in?26 April 2024
Hackers try to exploit WordPress plugin vulnerability that’s as severe as it gets26 April 2024