Stan Hu

1 exploit Active since Mar 2021
CVE-2021-28834 WRITEUP CRITICAL WRITEUP
kramdown < 2.3.1 - Arbitrary Class Instantiation via Rouge Formatter
Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.
CVSS 9.8