Lucene search

GoogleOSV:GHSA-V2R9-C84J-V7XM

HistoryOct 24, 2017 - 6:33 p.m.

RDoc contains XSS vulnerability

2017-10-2418:33:37

Google

osv.dev

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.5%

JSON

darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

CPENameOperatorVersion
rdoceq2.4.0
rdoceq3.5.1
rdoceq3.10
rdoceq3.4
rdoceq3.0
rdoceq3.5
rdoceq3.5.3
rdoceq2.5.9
rdoceq3.9.5
rdoceq2.4.3

Name	Operator	Version
rdoc	eq	2.4.0
rdoc	eq	3.5.1
rdoc	eq	3.10
rdoc	eq	3.4
rdoc	eq	3.0
rdoc	eq	3.5
rdoc	eq	3.5.3
rdoc	eq	2.5.9
rdoc	eq	3.9.5
rdoc	eq	2.4.3

Rows per page:

1-10 of 431

References

lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html

lists.opensuse.org/opensuse-updates/2013-02/msg00048.html

rhn.redhat.com/errata/RHSA-2013-0686.html

rhn.redhat.com/errata/RHSA-2013-0701.html

rhn.redhat.com/errata/RHSA-2013-0728.html

www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256

www.ubuntu.com/usn/USN-1733-1

bugzilla.redhat.com/show_bug.cgi?id=907820

github.com/advisories/GHSA-v2r9-c84j-v7xm

github.com/rdoc/rdoc

github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60

github.com/rubysec/ruby-advisory-db/blob/master/gems/rdoc/CVE-2013-0256.yml

nvd.nist.gov/vuln/detail/CVE-2013-0256

web.archive.org/web/20130402173730/blog.segment7.net:80/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releases-3-9-5-3-12-1-4-0-0-rc-2

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.5%

JSON

Related for OSV:GHSA-V2R9-C84J-V7XM