Kramdown Project Kramdown — known CVE vulnerabilities
Every CVE whose affected-product data names Kramdown Project Kramdown, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2020-14001 — CVSS 9.8 (critical): The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read…
CVE-2021-28834 — CVSS 9.8 (critical): Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.