Ubuntu Security Notice 6424-1 - It was discovered that kramdown did not restrict Rouge formatters to the correct namespace. An attacker could use this issue to cause kramdown to execute arbitrary code.
cb84ed93ee82dec6af195f72986f8154e0b895e8bab9ab6209eb559862c1420d
Debian Linux Security Advisory 4890-1 - Stan Hu discovered that kramdown, a pure Ruby Markdown parser and converter, performed insufficient namespace validation of Rouge syntax highlighting formatters.
60fe6ac5fd6c7b4347f726fe140eae03e02e88ad5e42ce04e067b8d63dd4276d