Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

RDoc contains XSS vulnerability

darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

Permalink: https://github.com/advisories/GHSA-v2r9-c84j-v7xm
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYycjktYzg0ai12N3ht
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 7 years ago
Updated: over 1 year ago


EPSS Percentage: 0.00492
EPSS Percentile: 0.75893

Identifiers: GHSA-v2r9-c84j-v7xm, CVE-2013-0256
References: Repository: https://github.com/rdoc/rdoc
Blast Radius: 0.0

Affected Packages

rubygems:rdoc
Dependent packages: 5,167
Dependent repositories: 465,939
Downloads: 172,822,832 total
Affected Version Ranges: >= 2.3.0, < 3.12.1
Fixed in: 3.12.1
All affected versions: 2.3.0, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.5.7, 2.5.8, 2.5.9, 2.5.10, 2.5.11, 3.0.1, 3.5.1, 3.5.2, 3.5.3, 3.6.1, 3.9.1, 3.9.2, 3.9.3, 3.9.4, 3.9.5
All unaffected versions: 2.0.0, 2.1.0, 2.2.0, 2.2.1, 3.12.1, 3.12.2, 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.1.2, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 5.0.0, 5.0.1, 5.1.0, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.1.0, 6.1.1, 6.1.2, 6.2.0, 6.2.1, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.4.0, 6.5.0, 6.6.0, 6.6.1, 6.6.2, 6.7.0, 6.8.0, 6.8.1, 6.9.0, 6.9.1, 6.10.0