{"id":"CVE-2020-14001","details":"The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template=\"/etc/passwd\") or unintended embedded Ruby code execution (such as a string that begins with template=\"string://\u003c%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.","aliases":["GHSA-mqm2-cgpr-p4m6"],"modified":"2026-04-02T04:09:33.807707Z","published":"2020-07-17T16:15:11.230Z","related":["SUSE-SU-2022:3259-1","openSUSE-SU-2024:11336-1","openSUSE-SU-2024:12038-1","openSUSE-SU-2024:13161-1","openSUSE-SU-2024:14170-1","openSUSE-SU-2025:15119-1","openSUSE-SU-2026:10352-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ENMMGKHRQIZ3QKGOMBBBGB6B4LB5I7NQ/"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r96df7899fbb456fe2705882f710a0c8e8614b573fbffd8d12e3f54d2%40%3Cnotifications.fluo.apache.org%3E"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KBLTGBYU7NKOUOHDKVCU4GFZMGA6BP4L/"},{"type":"ADVISORY","url":"https://rubygems.org/gems/kramdown"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4743"},{"type":"ADVISORY","url":"https://kramdown.gettalong.org"},{"type":"ADVISORY","url":"https://kramdown.gettalong.org/news.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20200731-0004/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4562-1/"},{"type":"ADVISORY","url":"https://github.com/gettalong/kramdown"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00014.html"},{"type":"FIX","url":"https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde"},{"type":"FIX","url":"https://github.com/gettalong/kramdown/compare/REL_2_2_1...REL_2_3_0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gettalong/kramdown","events":[{"introduced":"0"},{"fixed":"84e305c87c3f9c4926031e83fefde3c883e919cb"},{"fixed":"1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.3.0"}]}}],"versions":["REL_0_10_0","REL_0_11_0","REL_0_12_0","REL_0_13_1","REL_0_13_2","REL_0_13_3","REL_0_13_4","REL_0_13_5","REL_0_13_6","REL_0_13_7","REL_0_13_8","REL_0_14_0","REL_0_14_1","REL_0_14_2","REL_0_1_0","REL_0_1_0_0","REL_0_1_0_1","REL_0_2_0","REL_0_3_0","REL_0_4_0","REL_0_5_0","REL_0_6_0","REL_0_7_0","REL_0_8_0","REL_0_9_0","REL_1_0_0","REL_1_0_1","REL_1_0_2","REL_1_10_0","REL_1_11_0","REL_1_11_1","REL_1_12_0","REL_1_13_0","REL_1_13_1","REL_1_13_2","REL_1_14_0","REL_1_15_0","REL_1_16_0","REL_1_16_1","REL_1_16_2","REL_1_17_0","REL_1_1_0","REL_1_2_0","REL_1_3_0","REL_1_3_1","REL_1_3_2","REL_1_3_3","REL_1_4_0","REL_1_4_1","REL_1_4_2","REL_1_5_0","REL_1_6_0","REL_1_7_0","REL_1_8_0","REL_1_9_0","REL_2_0_0","REL_2_1_0","REL_2_2_0","REL_2_2_1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14001.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"31"}]},{"events":[{"introduced":"0"},{"last_affected":"32"}]},{"events":[{"introduced":"0"},{"last_affected":"20.04"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}