Johan Smits

**Name of the Vulnerable Software and Affected Versions** Redcarpet versions prior to 3.5.1 **Description** The issue is related to incorrect input sanitization in the Redcarpet library, which can enable a cross-site scripting attack. This is due to the lack of HTML escaping when processing quotes, even when the `:escape html` option is used. **Recommendations** For versions prior to 3.5.1, update to version 3.5.1 or later to resolve the issue. As a temporary workaround, consider disabling the use of quotes in the Redcarpet library until a patch is available. Restrict access to the library to minimize the risk of exploitation. Avoid using the `:escape html` option in affected versions, as it does not provide the expected protection.