New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Redcarpet 3.0.0 has XSS vulnerability #161

Closed
paulkoegel opened this Issue Aug 8, 2015 · 0 comments

Comments

Projects
None yet
2 participants
@paulkoegel

paulkoegel commented Aug 8, 2015

livingstyleguide.gemspec requires '~> 3.0.0' of redcarpet.

according to https://isitvulnerable.com/ this version of redcarpet is vulnerable:

https://isitvulnerable.com/vulns/557513c5-a667-4070-b464-af50813dbb77

there are not further redcarpet 3.0 patch levels:

we should update our redcarpet version to at least 3.2.3.

@hagenburger hagenburger added the bug label Aug 8, 2015

@hagenburger hagenburger self-assigned this Aug 8, 2015

oliverguenther added a commit to oliverguenther/openproject that referenced this issue Apr 25, 2016

oliverguenther added a commit to oliverguenther/openproject that referenced this issue Apr 26, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment