ID CVE-2020-14001
Summary The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.
References
Vulnerable Configurations
  • cpe:2.3:a:kramdown_project:kramdown:-:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:0.1.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:0.2.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:0.3.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:0.4.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:0.5.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:0.6.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:0.7.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:0.8.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:0.9.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:0.10.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:0.11.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:0.12.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:0.13.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:0.13.1:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:0.13.2:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:0.13.3:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:0.13.4:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:0.13.5:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:0.13.6:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:0.13.7:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:0.13.8:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:0.14.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:0.14.1:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:0.14.2:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.0.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.0.1:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.0.2:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.1.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.2.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.3.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.3.1:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.3.2:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.3.3:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.4.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.4.1:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.4.2:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.5.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.6.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.7.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.8.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.9.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.10.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.11.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.11.1:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.12.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.13.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.13.1:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.13.2:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.14.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.15.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.16.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.16.1:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.16.2:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:1.17.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:2.0.0:-:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:2.0.0:beta1:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:2.0.0:beta2:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:2.1.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:2.2.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:kramdown_project:kramdown:2.2.1:*:*:*:*:ruby:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
CVSS
Base: 7.5 (as of 28-04-2022 - 18:57)
Impact:
Exploitability:
CWE CWE-862
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
confirm
debian DSA-4743
fedora
  • FEDORA-2020-5c70d97eca
  • FEDORA-2020-f6eee9a2d3
misc
mlist
  • [debian-lts-announce] 20200809 [SECURITY] [DLA 2316-1] ruby-kramdown security update
  • [fluo-notifications] 20200808 [GitHub] [fluo-website] ctubbsii opened a new pull request #194: Update gems
ubuntu USN-4562-1
Last major update 28-04-2022 - 18:57
Published 17-07-2020 - 16:15
Last modified 28-04-2022 - 18:57