kramdown gem for Ruby 注入漏洞

目前厂商已发布升级补丁以修复漏洞，补丁获取链接：

https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde

来源:CONFIRM

链接:https://github.com/gettalong/kramdown/compare/REL_2_2_1...REL_2_3_0

来源:MISC

链接:https://kramdown.gettalong.org

来源:CONFIRM

链接:https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde

来源:MISC

链接:https://rubygems.org/gems/kramdown

来源:MLIST

链接:https://lists.debian.org/debian-lts-announce/2020/08/msg00014.html

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/ENMMGKHRQIZ3QKGOMBBBGB6B4LB5I7NQ/

来源:MLIST

链接:https://lists.apache.org/thread.html/r96df7899fbb456fe2705882f710a0c8e8614b573fbffd8d12e3f54d2@%3Cnotifications.fluo.apache.org%3E

来源:CONFIRM

链接:https://kramdown.gettalong.org/news.html

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/KBLTGBYU7NKOUOHDKVCU4GFZMGA6BP4L/

来源:UBUNTU

链接:https://usn.ubuntu.com/4562-1/

来源:CONFIRM

链接:https://security.netapp.com/advisory/ntap-20200731-0004/

来源:DEBIAN

链接:https://www.debian.org/security/2020/dsa-4743

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.3419/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.2749/

来源:vigilance.fr

链接:https://vigilance.fr/vulnerability/Ruby-Kramdown-code-execution-via-template-option-33039

来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2020-14001

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/159713/Ubuntu-Security-Notice-USN-4562-2.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.2740/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/159435/Ubuntu-Security-Notice-USN-4562-1.html