security: Code Injection in kramdown
Issue created from vulnerability 7797534
Description:
Kramdown does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.
- Severity: critical
- Confidence: unknown
- Location: Gemfile.lock
Solution:
Upgrade to version 2.3.1 or above.
Identifiers:
Links:
Scanner:
- Name: Gemnasium