{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template=\"/etc/passwd\") or unintended embedded Ruby code execution (such as a string that begins with template=\"string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-06T15:06:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/gettalong/kramdown"}, {"tags": ["x_refsource_MISC"], "url": "https://kramdown.gettalong.org"}, {"tags": ["x_refsource_MISC"], "url": "https://rubygems.org/gems/kramdown"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kramdown.gettalong.org/news.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/gettalong/kramdown/compare/REL_2_2_1...REL_2_3_0"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20200731-0004/"}, {"name": "[fluo-notifications] 20200808 [GitHub] [fluo-website] ctubbsii opened a new pull request #194: Update gems", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r96df7899fbb456fe2705882f710a0c8e8614b573fbffd8d12e3f54d2%40%3Cnotifications.fluo.apache.org%3E"}, {"name": "[debian-lts-announce] 20200809 [SECURITY] [DLA 2316-1] ruby-kramdown security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00014.html"}, {"name": "DSA-4743", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4743"}, {"name": "FEDORA-2020-f6eee9a2d3", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KBLTGBYU7NKOUOHDKVCU4GFZMGA6BP4L/"}, {"name": "FEDORA-2020-5c70d97eca", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ENMMGKHRQIZ3QKGOMBBBGB6B4LB5I7NQ/"}, {"name": "USN-4562-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4562-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-14001", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template=\"/etc/passwd\") or unintended embedded Ruby code execution (such as a string that begins with template=\"string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/gettalong/kramdown", "refsource": "MISC", "url": "https://github.com/gettalong/kramdown"}, {"name": "https://kramdown.gettalong.org", "refsource": "MISC", "url": "https://kramdown.gettalong.org"}, {"name": "https://rubygems.org/gems/kramdown", "refsource": "MISC", "url": "https://rubygems.org/gems/kramdown"}, {"name": "https://kramdown.gettalong.org/news.html", "refsource": "CONFIRM", "url": "https://kramdown.gettalong.org/news.html"}, {"name": "https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde", "refsource": "CONFIRM", "url": "https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde"}, {"name": "https://github.com/gettalong/kramdown/compare/REL_2_2_1...REL_2_3_0", "refsource": "CONFIRM", "url": "https://github.com/gettalong/kramdown/compare/REL_2_2_1...REL_2_3_0"}, {"name": "https://security.netapp.com/advisory/ntap-20200731-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200731-0004/"}, {"name": "[fluo-notifications] 20200808 [GitHub] [fluo-website] ctubbsii opened a new pull request #194: Update gems", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r96df7899fbb456fe2705882f710a0c8e8614b573fbffd8d12e3f54d2@%3Cnotifications.fluo.apache.org%3E"}, {"name": "[debian-lts-announce] 20200809 [SECURITY] [DLA 2316-1] ruby-kramdown security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00014.html"}, {"name": "DSA-4743", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4743"}, {"name": "FEDORA-2020-f6eee9a2d3", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KBLTGBYU7NKOUOHDKVCU4GFZMGA6BP4L/"}, {"name": "FEDORA-2020-5c70d97eca", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ENMMGKHRQIZ3QKGOMBBBGB6B4LB5I7NQ/"}, {"name": "USN-4562-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4562-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:32:14.657Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/gettalong/kramdown"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://kramdown.gettalong.org"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://rubygems.org/gems/kramdown"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kramdown.gettalong.org/news.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/gettalong/kramdown/compare/REL_2_2_1...REL_2_3_0"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20200731-0004/"}, {"name": "[fluo-notifications] 20200808 [GitHub] [fluo-website] ctubbsii opened a new pull request #194: Update gems", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r96df7899fbb456fe2705882f710a0c8e8614b573fbffd8d12e3f54d2%40%3Cnotifications.fluo.apache.org%3E"}, {"name": "[debian-lts-announce] 20200809 [SECURITY] [DLA 2316-1] ruby-kramdown security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00014.html"}, {"name": "DSA-4743", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4743"}, {"name": "FEDORA-2020-f6eee9a2d3", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KBLTGBYU7NKOUOHDKVCU4GFZMGA6BP4L/"}, {"name": "FEDORA-2020-5c70d97eca", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ENMMGKHRQIZ3QKGOMBBBGB6B4LB5I7NQ/"}, {"name": "USN-4562-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4562-1/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-14001", "datePublished": "2020-07-17T15:27:54", "dateReserved": "2020-06-10T00:00:00", "dateUpdated": "2024-08-04T12:32:14.657Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kramdown_project:kramdown:*:*:*:*:*:ruby:*:*", "matchCriteriaId": "796E1C66-E0EF-4C52-B378-FE4382555C86", "versionEndExcluding": "2.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template=\"/etc/passwd\") or unintended embedded Ruby code execution (such as a string that begins with template=\"string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum."}, {"lang": "es", "value": "La gema kramdown versiones anteriores a 2.3.0 para Ruby procesa la opci\u00f3n de plantilla dentro de los documentos de Kramdown por defecto, lo que permite el acceso de lectura no deseada (tal y como template=\"/etc/passwd\") o la ejecuci\u00f3n de c\u00f3digo Ruby insertado no previsto (tal y como una cadena que comienza con template=\"string://(%= \"). NOTA: kramdown es usado en Jekyll, GitLab Pages, GitHub Pages y Thredded Forum"}], "id": "CVE-2020-14001", "lastModified": "2023-11-07T03:17:05.073", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-17T16:15:11.230", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/gettalong/kramdown"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/gettalong/kramdown/compare/REL_2_2_1...REL_2_3_0"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://kramdown.gettalong.org"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://kramdown.gettalong.org/news.html"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r96df7899fbb456fe2705882f710a0c8e8614b573fbffd8d12e3f54d2%40%3Cnotifications.fluo.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00014.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ENMMGKHRQIZ3QKGOMBBBGB6B4LB5I7NQ/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KBLTGBYU7NKOUOHDKVCU4GFZMGA6BP4L/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://rubygems.org/gems/kramdown"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200731-0004/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4562-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4743"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "rubygem-kramdown: processing template options inside documents allows unintended read access or embedded Ruby code execution", "id": "1858395", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1858395"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-20->(CWE-77|CWE-552)", "details": ["The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template=\"/etc/passwd\") or unintended embedded Ruby code execution (such as a string that begins with template=\"string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.", "A flaw was found in rubygem-kramdown in versions prior to 2.3.0. The template option allows unintended read access or embedded Ruby code execution which is enabled in Kramdown by default. The highest threat from this vulnerability is to data confidentiality and integrity."], "name": "CVE-2020-14001", "public_date": "2020-06-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-14001\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14001"], "statement": "Rubygem-kramdown is not shipped in Red Hat Enterprise Linux 8 and is only used as a buildtime dependency only. Customers are not at risk for exploitation of this flaw.", "threat_severity": "Important", "upstream_fix": "rubygem-kramdown 2.3.0"}