FreeBSD : rubygem-redcarpet -- XSS vulnerability (c368155a-fa83-11e4-bc58-001e67150279)

High Nessus Plugin ID 83514


The remote FreeBSD host is missing a security-related update.


Daniel LeCheminant reports:

When markdown is being presented as HTML, there seems to be a strange interaction between _ and @ that lets an attacker insert malicious tags.


Update the affected package.

Plugin Details

Severity: High

ID: 83514

File Name: freebsd_pkg_c368155afa8311e4bc58001e67150279.nasl

Version: $Revision: 2.1 $

Type: local

Published: 2015/05/18

Modified: 2015/05/18

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:rubygem-redcarpet, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2015/05/14

Vulnerability Publication Date: 2015/04/07