A denial of service vulnerability has been found in RedCloth.
Package | dev-ruby/redcloth on all architectures |
---|---|
Affected versions | < 4.3.2-r5 |
Unaffected versions | >= 4.3.2-r5 |
RedCloth is a module for using Textile in Ruby.
A vulnerability has been discovered in RedCloth. Please review the CVE identifier referenced below for details.
RedCloth is vulnerable to a regular expression denial of service ("ReDoS") attack via the sanitize_html function.
There is no known workaround at this time.
All RedCloth users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-ruby/redcloth-4.3.2-r5"
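To audit hosts before or after the upgrade, the following added example (not part of the advisory or of Portage) classifies a version string against the affected range above. The function names `ver_cmp` and `redcloth_status` are hypothetical, and the script assumes versions of the form N(.N)*[-rN].

```shell
# Added example, not part of the advisory: classify a dev-ruby/redcloth
# version against the affected range given above (< 4.3.2-r5).
# Assumption: versions look like N(.N)*[-rN] with no leading zeros; other
# Gentoo suffixes (_p, _rc, letters) are reported as unknown, not guessed.

FIXED_VERSION="4.3.2-r5"   # first unaffected version, from the advisory

# Echo lt, eq or gt as version $1 is older than, equal to or newer than $2.
# Return 2 (echoing nothing) if either string is outside the assumed form.
ver_cmp() {
    for _v in "$1" "$2"; do
        printf '%s\n' "$_v" | grep -Eq \
            '^(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))*(-r(0|[1-9][0-9]*))?$' || return 2
    done
    a=${1%-r*}; b=${2%-r*}                 # dotted numeric parts
    ra=0; rb=0                             # a missing revision counts as -r0
    case $1 in *-r*) ra=${1##*-r} ;; esac
    case $2 in *-r*) rb=${2##*-r} ;; esac
    while [ -n "$a" ] && [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}             # leading component of each side
        if [ "$x" -lt "$y" ]; then echo lt; return 0; fi
        if [ "$x" -gt "$y" ]; then echo gt; return 0; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    # Shared components are equal: the version with more components is newer.
    if [ -n "$b" ]; then echo lt; return 0; fi
    if [ -n "$a" ]; then echo gt; return 0; fi
    if [ "$ra" -lt "$rb" ]; then echo lt
    elif [ "$ra" -gt "$rb" ]; then echo gt
    else echo eq; fi
}

# Echo affected, unaffected or unknown for one installed version string.
redcloth_status() {
    c=$(ver_cmp "$1" "$FIXED_VERSION") || { echo unknown; return 0; }
    if [ "$c" = "lt" ]; then echo affected; else echo unaffected; fi
}

# Constructed sample versions, not taken from any real host.
for ver in 4.3.2 4.3.2-r4 4.3.2-r5 4.3.3 4.3.2_p1; do
    printf '%s %s\n' "$ver" "$(redcloth_status "$ver")"
done
```

Pass it the version part of the installed package atom, for example the output of `qlist -Iv dev-ruby/redcloth` from portage-utils with the `dev-ruby/redcloth-` prefix removed.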
Release date
January 10, 2024
Latest revision
January 10, 2024: 1
Severity
low
Exploitable
remote
Bugzilla entries