XSS in qiita-markdown
Published: August 02, 2021
SECURITY IDENTIFIERS
- CVE: CVE-2021-28833 (NVD)
- GHSA: GHSA-9p29-94hp-8rvc
GEM
SEVERITY
CVSS v3.x: 6.1 (Medium)
PATCHED VERSIONS
>= 0.34.0
DESCRIPTION
Increments Qiita::Markdown before 0.34.0 allows XSS via a crafted gist link, a different vulnerability than CVE-2021-28796.