Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYycjktYzg0ai12N3ht

RDoc contains XSS vulnerability

darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

Permalink: https://github.com/advisories/GHSA-v2r9-c84j-v7xm
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYycjktYzg0ai12N3ht
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 6 years ago
Updated: 10 months ago

Identifiers: GHSA-v2r9-c84j-v7xm, CVE-2013-0256
References:

Repository: https://github.com/rdoc/rdoc
Blast Radius: 0.0

Affected Packages

rubygems:rdoc

Dependent packages: 5,157
Dependent repositories: 465,939
Downloads: 146,013,224 total
Affected Version Ranges: >= 2.3.0, < 3.12.1
Fixed in: 3.12.1
All affected versions: 2.3.0, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.5.7, 2.5.8, 2.5.9, 2.5.10, 2.5.11, 3.0.1, 3.5.1, 3.5.2, 3.5.3, 3.6.1, 3.9.1, 3.9.2, 3.9.3, 3.9.4, 3.9.5
All unaffected versions: 2.0.0, 2.1.0, 2.2.0, 2.2.1, 3.12.1, 3.12.2, 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.1.2, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 5.0.0, 5.0.1, 5.1.0, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.1.0, 6.1.1, 6.1.2, 6.2.0, 6.2.1, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.4.0, 6.5.0, 6.6.0, 6.6.1, 6.6.2