CVE-2020-26298

Risk Scores

Affected Products

Timeline

• Jan 11, 2021 CVE Published
• Jan 11, 2021 PoC Published
• Apr 14, 2021 EPSS Score
• Jun 22, 2021 EPSS Score
• Aug 24, 2021 EPSS Score
• Dec 27, 2021 EPSS Score
• Jan 6, 2022 EPSS Score
• Feb 4, 2022 EPSS Score
• Feb 27, 2022 EPSS Score
• May 1, 2022 EPSS Score
• Jul 2, 2022 EPSS Score
• Sep 4, 2022 EPSS Score

References

• https://github.com/advisories/GHSA-q3wr-qw3g-3p4h url
• https://github.com/vmg/redcarpet/commit/a699c82292b17c8e6a62e1914d5eccc252272793 url
• https://rubygems.org/gems/redcarpet url
• https://github.com/vmg/redcarpet/blob/master/CHANGELOG.md#version-351-security url
• [debian-lts-announce] 20210115 [SECURITY] [DLA 2526-1] ruby-redcarpet security update mailing-list
• DSA-4831 vendor-advisory
• FEDORA-2023-597f13ffb9 vendor-advisory
• FEDORA-2023-8682a0e17d vendor-advisory
• FEDORA-2023-44daa9c1d4 vendor-advisory
• https://nvd.nist.gov/vuln/detail/CVE-2020-26298 advisory
• https://github.com/rubysec/ruby-advisory-db/blob/master/gems/redcarpet/CVE-2020-26298.yml url
• https://github.com/vmg/redcarpet package
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFMYDIONVWATY7EB6EARDVXT47AYCRNM url
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNO4ZZUPGAEUXKQL4G2HRIH7CUZKPCT6 url
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXNNWHHAPREDM3XJDACYRTK7DBMUONBI url