This repository was archived by the owner on Oct 31, 2023. It is now read-only.

redcarpet <=3.2.2 (and related ruby gems) allow for possible XSS via autolinking of untrusted markdown  #14

@ktdreyer

Description


middleware depends on redcarpet 2.x. From middleware.gemspec:

  gem.add_development_dependency "redcarpet", "~> 2.1.0"

This version of redcarpet is very old and is vulnerable to cross-site scripting, as described in this blog post: http://danlec.com/blog/bug-in-sundown-and-redcarpet
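As an added illustration of the check behind this report (not code from the middleware project or from redcarpet), the Ruby below parses the gemspec dependency line quoted above and asks whether the constraint can resolve to any redcarpet release above 3.2.2, the last version the issue title lists as affected. It uses only Gem::Requirement and Gem::Version from rubygems; the list of release numbers is a constructed sample chosen to exercise the constraint, not the gem's real release history.

```ruby
require 'rubygems' # Gem::Requirement and Gem::Version ship with Ruby

# Highest redcarpet version the issue title reports as affected (<= 3.2.2).
LAST_VULNERABLE_REDCARPET = Gem::Version.new("3.2.2")

# Constructed sample of release numbers for this check; it is not the real
# release history of the gem, just enough points to exercise a constraint.
SAMPLE_RELEASES = %w[2.1.0 2.1.1 2.3.0 3.0.0 3.2.2 3.2.3 3.3.4].freeze

# The dependency line quoted from middleware.gemspec in the issue.
GEMSPEC_LINE = 'gem.add_development_dependency "redcarpet", "~> 2.1.0"'

# Pull the gem name and requirement string out of a gemspec dependency line.
# Returns [name, requirement_string], or nil if the line is not a dependency.
def parse_dependency(line)
  m = line.match(/add_(?:development_|runtime_)?dependency\s+["']([^"']+)["']\s*,\s*["']([^"']+)["']/)
  return nil unless m
  [m[1], m[2]]
end

# Given a requirement string such as "~> 2.1.0" and a list of release numbers,
# return the releases the constraint accepts, split into :vulnerable
# (<= 3.2.2) and :fixed (> 3.2.2). Versions are compared semantically, so
# "3.2.10" sorts after "3.2.2" rather than before it.
def classify_releases(requirement_str, releases = SAMPLE_RELEASES)
  req = Gem::Requirement.new(requirement_str)
  allowed = releases.map { |v| Gem::Version.new(v) }.select { |v| req.satisfied_by?(v) }
  vulnerable, fixed = allowed.partition { |v| v <= LAST_VULNERABLE_REDCARPET }
  { vulnerable: vulnerable.map(&:to_s), fixed: fixed.map(&:to_s) }
end

# True when every release the constraint admits is <= 3.2.2, i.e. bundler
# could never pick up a fixed version without the gemspec being changed.
def constraint_pins_vulnerable?(requirement_str, releases = SAMPLE_RELEASES)
  classify_releases(requirement_str, releases)[:fixed].empty?
end

if __FILE__ == $0
  name, req = parse_dependency(GEMSPEC_LINE)
  puts "#{name} #{req} -> #{classify_releases(req).inspect}"
  puts "pinned to vulnerable range: #{constraint_pins_vulnerable?(req)}"
end
```

The point of partitioning rather than just testing the lower bound is that a pessimistic constraint like "~> 2.1.0" caps resolution below 2.2, so no upgrade of the gem on its own can ever move the project past 3.2.2; only editing the gemspec does.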
