There is a vulnerability in kramdown 2.1.0 ,upgrade recommended

apache / mxnet

Lightweight, Portable, Flexible Distributed/Mobile Deep Learning with Dynamic, Mutation-aware Dataflow Dep Scheduler; for Python, R, Julia, Scala, Go, Javascript and more

https://mxnet.apache.org

Apache License 2.0

20.77k stars 6.79k forks source link

There is a vulnerability in kramdown 2.1.0 ,upgrade recommended #20308

Open QiAnXinCodeSafe opened 3 years ago

QiAnXinCodeSafe commented 3 years ago

https://github.com/apache/incubator-mxnet/blob/57d0ace3a9b89032896822dd27af870a9b446d83/docs/static_site/src/Gemfile.lock#L40

CVE-2020-14001 CVE-2021-28834

Recommended upgrade version：2.3.1

github-actions[bot] commented 3 years ago

Welcome to Apache MXNet (incubating)! We are on a mission to democratize AI, and we are glad that you are contributing to it by opening this issue. Please make sure to include all the relevant context, and one of the @apache/mxnet-committers will be here shortly. If you are interested in contributing to our project, let us know! Also, be sure to check out our guide on contributing to MXNet and our development guides wiki.