FLAT-JCZDW – Vulnerability | Fluid Attacks Database

Database

Description

insufficient validation

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rubygems	kramdown	>=1.16.0 <2.3.1	2.3.1
debian 11	ruby-kramdown	>=0 <2.3.0-5	2.3.0-5
debian 12	ruby-kramdown	>=0 <2.3.0-5	2.3.0-5
debian 13	ruby-kramdown	>=0 <2.3.0-5	2.3.0-5
debian 14	ruby-kramdown	>=0 <2.3.0-5	2.3.0-5
alpm rolling_release	ruby-kramdown	>=2.3.0-1 <2.3.1-1	2.3.1-1

Aliases

1. CVE-2021-288342. NVD-2021-288343. OSV-2021-288344. OSV-DEBIAN-2021-288345. GCVE-2021-288346. SECURITY-TRACKER-CVE-2021-28834

References

1. https://github.com/gettalong/kramdown/pull/7082. https://github.com/stanhu/kramdown/commit/d6a1cbcb2caa2f8a70927f176070d126b24227603. https://github.com/stanhu/kramdown/commit/ff0218aefcf00cd5a389e17e075d36cd46d011e24. https://about.gitlab.com/releases/2021/03/17/security-release-gitlab-13-9-4-released/#remote-code-execution-via-unsafe-user-controlled-markdown-rendering-options5. https://github.com/gettalong/kramdown/compare/REL_2_3_0...REL_2_3_16. https://gitlab.com/gitlab-org/gitlab/-/commit/179329b5c3c118924fb242dc449d06b4ed6ccb667. https://lists.fedoraproject.org/archives/list/[email protected]/message/NJCJVYHPY6LNUFM6LYZIAUIYOMVT5QGV8. https://lists.fedoraproject.org/archives/list/[email protected]/message/S3BBLUIDCUUR3NEE4NJLOCCAV3ALQ3O69. https://lists.fedoraproject.org/archives/list/[email protected]/message/SYOLQKFL6IJCQLBXV34Z4TI4O54GESPR10. https://www.debian.org/security/2021/dsa-4890