ADVISORIES
GEM
SEVERITY
CVSS v3.x: 6.8 (Medium)
PATCHED VERSIONS
- >= 3.5.1
DESCRIPTION
Redcarpet is a Ruby library for Markdown processing. Redcarpet versions before
3.5.1 contain an injection vulnerability that can enable a cross-site scripting
(XSS) attack. Affected versions performed no HTML escaping when processing
quotes, even when the :escape_html option was in use.
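
To check a project against the patched-version boundary given above, the following reads the version resolved in a Gemfile.lock and compares it with 3.5.1. It is an added example, not code from the advisory or from Redcarpet; the lockfile text and the markdown-wrapper gem name in it are constructed for illustration.

```ruby
require "rubygems" # Gem::Version (loaded by default; made explicit here)

# Values taken from the advisory: gem name and first patched version.
ADVISORY_GEM  = "redcarpet"
FIRST_PATCHED = Gem::Version.new("3.5.1")

# Return the version resolved for `name` in Gemfile.lock text, or nil.
# Only entries directly under a "specs:" block (4-space indent) count;
# dependency constraints of other gems (6-space indent) and the
# DEPENDENCIES section are ignored.
def locked_version(lockfile_text, name)
  in_specs = false
  lockfile_text.each_line do |line|
    line = line.chomp
    if line =~ /\A  specs:\s*\z/
      in_specs = true
    elsif line =~ /\A\S/ || line.empty?
      in_specs = false # a new top-level section or a blank line ends the block
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/)) && m[1] == name
      # Platform-specific entries look like "1.2.3-java"; keep the version part.
      return Gem::Version.new(m[2].split("-").first)
    end
  end
  nil
end

# Classify the lockfile as :affected, :patched or :not_present.
def redcarpet_status(lockfile_text)
  version = locked_version(lockfile_text, ADVISORY_GEM)
  return :not_present if version.nil?
  version >= FIRST_PATCHED ? :patched : :affected
end

# Constructed sample lockfile (not from a real project).
SAMPLE_LOCKFILE = <<~LOCK
GEM
  remote: https://rubygems.org/
  specs:
    markdown-wrapper (1.0.0)
      redcarpet (>= 3.0)
    redcarpet (3.5.0)

PLATFORMS
  ruby

DEPENDENCIES
  markdown-wrapper
LOCK

puts redcarpet_status(SAMPLE_LOCKFILE)
```

The constraint line under markdown-wrapper is deliberately skipped: a transitive dependency's requirement (>= 3.0) says nothing about which version was actually resolved.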