CVE-2020-14001
high-risk
Published 2020-07-17
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.
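To make the mechanism concrete, the following toy renderer is an added example, not kramdown's own code. It mimics the behaviour the description attributes to kramdown before 2.3.0: an inline `{::options template="..." /}` directive (kramdown's inline-option syntax, assumed here) is honoured, a value beginning with `string://` is treated as the ERB template text itself, and any other value is read as a file path before the template is expanded with ERB. The hardened variant models the idea of a forbidden-inline-options list, so `template` can only come from the caller's trusted option hash; the function names, regex and temp-file demo are assumptions for illustration.

```ruby
require 'erb'
require 'tempfile'

# Assumed inline-option syntax, modelled on kramdown's {::options ... /} extension.
INLINE_OPTION_RE = /\{::options\s+template="([^"]*)"\s*\/\}/

# Splits a document into the inline template option (if any) and the body text.
def parse_document(text)
  template = nil
  body = text.gsub(INLINE_OPTION_RE) { template = Regexp.last_match(1); '' }
  [template, body.strip]
end

# Resolves a template value the way the advisory describes:
# "string://..." is the template source itself, anything else is a file path.
def load_template(template)
  if template.start_with?('string://')
    template.sub('string://', '')   # attacker-supplied ERB, e.g. "<%= `id` %>"
  else
    File.read(template)             # attacker-chosen path, e.g. /etc/passwd
  end
end

# Vulnerable renderer: applies whatever template the document itself asked for.
def render_vulnerable(text)
  template, body = parse_document(text)
  return body if template.nil?
  ERB.new(load_template(template)).result(binding)   # `body` is visible to the template
end

# Hardened renderer: inline options on the forbidden list are dropped, so only the
# caller's trusted `options` hash may choose a template.
def render_hardened(text, options = {}, forbidden_inline_options = ['template'])
  template, body = parse_document(text)
  template = nil if forbidden_inline_options.include?('template')
  template ||= options['template']
  return body if template.nil?
  ERB.new(load_template(template)).result(binding)
end

# Runs both renderers over constructed inputs (a temp file stands in for /etc/passwd)
# and returns the results so the contrast can be checked.
def demo
  Tempfile.create('secret') do |f|
    f.write('root:x:0:0')
    f.flush
    erb_doc  = %({::options template="string://<%= 6 * 7 %>" /}\nhello)
    file_doc = %({::options template="#{f.path}" /}\nhello)
    {
      erb_vuln:  render_vulnerable(erb_doc),    # Ruby in the document is executed
      erb_safe:  render_hardened(erb_doc),      # directive ignored, body returned
      file_vuln: render_vulnerable(file_doc),   # file contents leak into the output
      file_safe: render_hardened(file_doc),
      trusted:   render_hardened('hello', 'template' => 'string://[<%= body %>]')
    }
  end
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

The point of the contrast is that the unsafe step is not ERB itself but letting the untrusted document choose the template; a site that legitimately uses templates keeps that feature by passing it from trusted code, while anything the document says about `template` is discarded.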
Do I need to act?
EPSS: 9.3% chance of exploitation in the next 30 days (moderate exploit probability)
CISA KEV: not listed; no confirmed active exploitation reported to CISA
Patch status: the CVE description itself names kramdown 2.3.0 as the first fixed version, and distribution fixes are listed in the Debian and Ubuntu advisories below; the page's automated patch-status check is otherwise unknown, so confirm fix availability and mitigation guidance against the vendor advisories
CVSS: 9.8/10 (Critical), attack vector NETWORK, LOW attack complexity
Affected Products (6)
Affected Vendors
References (26)
Third Party Advisory: https://github.com/gettalong/kramdown
Vendor Advisory: https://kramdown.gettalong.org
Release Notes: https://kramdown.gettalong.org/news.html
Third Party Advisory: https://rubygems.org/gems/kramdown
Third Party Advisory: https://security.netapp.com/advisory/ntap-20200731-0004/
Third Party Advisory: https://usn.ubuntu.com/4562-1/
Third Party Advisory: https://www.debian.org/security/2020/dsa-4743
and 6 more references
Risk score: 56 / 100 (high-risk)
Severity: 32/34 · Critical
Exploitability: 11/34 · Low
Exposure: 13/34 · Low