Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYycjktYzg0ai12N3ht
RDoc contains XSS vulnerability
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
Permalink: https://github.com/advisories/GHSA-v2r9-c84j-v7xm
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYycjktYzg0ai12N3ht
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 7 years ago
Updated: over 1 year ago
Identifiers: GHSA-v2r9-c84j-v7xm, CVE-2013-0256
References:
- https://nvd.nist.gov/vuln/detail/CVE-2013-0256
- https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60
- https://bugzilla.redhat.com/show_bug.cgi?id=907820
- https://github.com/advisories/GHSA-v2r9-c84j-v7xm
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00048.html
- http://rhn.redhat.com/errata/RHSA-2013-0686.html
- http://rhn.redhat.com/errata/RHSA-2013-0701.html
- http://rhn.redhat.com/errata/RHSA-2013-0728.html
- http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/
- http://www.ubuntu.com/usn/USN-1733-1
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rdoc/CVE-2013-0256.yml
- https://web.archive.org/web/20130402173730/http://blog.segment7.net:80/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releases-3-9-5-3-12-1-4-0-0-rc-2
Blast Radius: 0.0
Affected Packages
rubygems:rdoc
Dependent packages: 5,167
Dependent repositories: 465,939
Downloads: 167,864,120 total
Affected Version Ranges: >= 2.3.0, < 3.12.1
Fixed in: 3.12.1
All affected versions: 2.3.0, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.5.7, 2.5.8, 2.5.9, 2.5.10, 2.5.11, 3.0.1, 3.5.1, 3.5.2, 3.5.3, 3.6.1, 3.9.1, 3.9.2, 3.9.3, 3.9.4, 3.9.5
All unaffected versions: 2.0.0, 2.1.0, 2.2.0, 2.2.1, 3.12.1, 3.12.2, 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.1.2, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 5.0.0, 5.0.1, 5.1.0, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.1.0, 6.1.1, 6.1.2, 6.2.0, 6.2.1, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.4.0, 6.5.0, 6.6.0, 6.6.1, 6.6.2, 6.7.0, 6.8.0, 6.8.1