RedCloth 4.2.5

2 security vulnerabilities found in version 4.2.5

RedCloth Regular Expression Denial of Service issue

high severity CVE-2023-31606
Patched versions: >= 4.3.3
Unaffected versions: < 4.0.0

A Regular Expression Denial of Service (ReDoS) issue was discovered in the "sanitize_html" function of the RedCloth gem >= v4.0.0. This vulnerability allows attackers to cause a Denial of Service (DoS) by supplying a crafted payload.

CVE-2012-6684 rubygem-RedCloth: XSS vulnerability

medium severity CVE-2012-6684
Patched versions: >= 4.3.0

Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI.

No officially reported memory leakage issues detected.

This gem version does not have any officially reported memory leak issues.

Gem version without a license.

Unless a license that specifies otherwise is included, nobody can use, copy, distribute, or modify this library without being at risk of take-downs, shake-downs, or litigation.

This gem version is available.

This gem version has not been yanked and is still available for use.