Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Injection in Redcarpet
Vulnerability Description
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Vulnerability Title
Vicent Martí Redcarpet 注入漏洞
Vulnerability Description
Vicent Martí Redcarpet是Vicent Martí个人开发者的一个基于Rust可对Markdown语法进行解析的代码库。 Redcarpet before version 3.5.1 存在注入漏洞,该漏洞源于在处理引号时不会执行HTML转义。
CVSS Information
N/A
Vulnerability Type
N/A