redcarpet 3.2.3
1 security vulnerability found in version 3.2.3
Injection/XSS in Redcarpet
high severity CVE-2020-26298
Patched versions:
>= 3.5.1
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before
version 3.5.1, there is an injection vulnerability which can enable a cross-site
scripting attack. In affected versions, no HTML escaping was performed when
processing quotes. This applies even when the :escape_html option was being used.
1 memory leak found in version 3.2.3
Memory Leak in Redcarpet::Render::Base
516
Patched versions:
>= 3.3
Leaky versions:
< 3.3.3
rb_redcarpet_rbase_alloc used to allocate a struct rb_redcarpet_rndr instance which was never freed.
This caused 312 leaked bytes (on a 64-bit machine) on every render call.
No license issues detected.
This gem version has a license in the gemspec.
This gem version is available.
This gem version has not been yanked and is still available for usage.