4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
69.1%
Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to do system management tasks.
It was found that documentation created by RDoc was vulnerable to a
cross-site scripting (XSS) attack. If such documentation was accessible
over a network, and a remote attacker could trick a user into visiting a
specially-crafted URL, it would lead to arbitrary web script execution in
the context of the user’s session. As RDoc is used for creating
documentation for Ruby source files (such as classes, modules, and so on),
it is not a common scenario to make such documentation accessible over the
network. (CVE-2013-0256)
This update provides a number of updated rubygem packages that have had
their documentation regenerated with a corrected version of RDoc.
Red Hat would like to thank Eric Hodel of RDoc upstream for reporting this
issue. Upstream acknowledges Evgeny Ermakov as the original reporter.
Users of Red Hat OpenShift Enterprise 1.1.3 are advised to upgrade to these
updated packages, which correct this issue.