CVE-2021-28796 (qiita-markdown): Cross-Site Scripting in Qiita::Markdown

August 2nd, 2021

Cross-Site Scripting in Qiita::Markdown

Published: August 02, 2021

SECURITY IDENTIFIERS

CVE: CVE-2021-28796 (NVD)
GHSA: GHSA-f2c9-5jqw-3xh3

GEM

SEVERITY

CVSS v3.x: 6.1 (Medium)

PATCHED VERSIONS

>= 0.33.0

DESCRIPTION

Increments Qiita::Markdown before 0.33.0 allows XSS in transformers.