RubySec

Providing security resources for the Ruby community

CVE-2021-28833 (qiita-markdown): XSS in qiita-markdown

ADVISORIES

GEM

qiita-markdown

SEVERITY

CVSS v3.x: 6.1 (Medium)

PATCHED VERSIONS

  • >= 0.34.0

DESCRIPTION

Increments Qiita::Markdown before 0.34.0 allows XSS via a crafted gist link, a different vulnerability than CVE-2021-28796.

Contact us @rubysec or open an issue on our GitHub repository.

Recent Advisories