A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. References: https://github.com/jgarber/redcloth https://github.com/e23e/CVE-2023-31606#readme https://github.com/jgarber/redcloth/issues/73 https://lists.debian.org/debian-lts-announce/2023/07/msg00002.html
Created rubygem-RedCloth tracking bugs for this issue: Affects: epel-all [bug 2221257] Affects: fedora-all [bug 2221256]