Asciidoctor allows remote attackers to cause a denial of service (infinite loop), as demonstrated by web applications that deliver untrusted input to this product, because Parser#next_block misuses a "while true" statement. Upstream issue: https://github.com/asciidoctor/asciidoctor/issues/2888
Created rubygem-asciidoctor tracking bugs for this issue:
Affects: epel-7 [bug 1640728]
Affects: fedora-all [bug 1640727]
Statement: The version of rubygem-asciidoctor included in Red Hat Virtualization is affected by this flaw; however, it is not exposed to user input in such a way that the vulnerability could be exploited by an attacker.
A fix is now available upstream. The fix is in master at the time of this comment and will be included in the upcoming 1.5.8 release.
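
For web applications that render untrusted input, one way to contain an infinite-loop hang like this one is to run the conversion in a child process under a hard deadline. This is an added example, not code from Asciidoctor or from this bug report; `render_with_deadline` and `STAND_IN_RENDER` are hypothetical names, and the stand-in converter is constructed and does not reproduce the real trigger.

```ruby
require "timeout"

# Run a render callable on untrusted text in a forked child and kill the
# child if it has not finished within `seconds`. Returns a hash whose
# :status is :ok, :error (child failed) or :timeout (child was killed).
# Assumption: a platform with fork (Linux/Unix).
def render_with_deadline(source, seconds:, &render)
  reader, writer = IO.pipe
  pid = fork do
    reader.close
    begin
      writer.write(render.call(source))
      writer.close
      exit!(0)            # skip at_exit handlers inherited from the parent
    rescue StandardError
      exit!(1)
    end
  end
  writer.close            # parent keeps only the read end, so EOF is seen
  begin
    # Reading until EOF also drains large outputs, so the child never
    # blocks on a full pipe while the parent waits.
    output = Timeout.timeout(seconds) { reader.read }
    _, status = Process.wait2(pid)
    status.success? ? { status: :ok, output: output } : { status: :error, output: nil }
  rescue Timeout::Error
    Process.kill("KILL", pid)   # a spinning parser will not exit on its own
    Process.wait(pid)           # reap the child so no zombie is left behind
    { status: :timeout, output: nil }
  ensure
    reader.close
  end
end

# Constructed stand-in for a converter whose parse loop never terminates on
# some input. In a real application this callable would wrap the actual
# conversion call (assumption); the "HANG" marker is purely illustrative.
STAND_IN_RENDER = lambda do |text|
  loop { } if text.include?("HANG")
  "<p>#{text}</p>"
end

if __FILE__ == $PROGRAM_NAME
  p render_with_deadline("hello", seconds: 2, &STAND_IN_RENDER)
  p render_with_deadline("HANG", seconds: 0.5, &STAND_IN_RENDER)
end
```

Killing a separate process bounds both wall-clock time and CPU use per request, and the parent worker stays available whatever state the parser was in.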