Ruby -- XSS exploit of RDoc documentation generated by rdoc

2013-02-0600:00:00

vuxml.freebsd.org

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.8%

JSON

Ruby developers report:

RDoc documentation generated by rdoc bundled with ruby are
vulnerable to an XSS exploit. All ruby users are recommended to
update ruby to newer version which includes security-fixed RDoc. If
you are publishing RDoc documentation generated by rdoc, you are
recommended to apply a patch for the documentaion or re-generate it
with security-fixed RDoc.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchruby= 1.9,1UNKNOWN
FreeBSDanynoarchruby< 1.9.3.385,1UNKNOWN
FreeBSDanynoarchrubygem18-rdoc< 3.12.1UNKNOWN
FreeBSDanynoarchrubygem19-rdoc< 3.12.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	ruby	= 1.9,1	UNKNOWN
FreeBSD	any	noarch	ruby	< 1.9.3.385,1	UNKNOWN
FreeBSD	any	noarch	rubygem18-rdoc	< 3.12.1	UNKNOWN
FreeBSD	any	noarch	rubygem19-rdoc	< 3.12.1	UNKNOWN