Asciidoctor Include Ext Project

asciidoctor-include-ext_project

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

Asciidoctor Include Ext

asciidoctor-include-ext

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-24803 1Asciidoctor Include Ext Project 1Asciidoctor Include Ext Nov 21, 2024 Apr 1, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arb...Show more Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when `allow-uri-read` is disabled! The problem has been patched in the referenced commits.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2022-24803

1Asciidoctor Include Ext Project

1Asciidoctor Include Ext

Nov 21, 2024

Apr 1, 2022

N/A· v4

9.8 CRITICAL· v3

10.0 HIGH· v2

Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when `allow-uri-read` is disabled! The problem has been patched in the referenced commits.Show less