The vulnerability in the built-in RDoc documentation generator for the Ruby programming language relates to the possibility of restoring unreliable data in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the built-in RDoc documentation generator for the Ruby programming language relates to the restoration of unreliable data in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using specially crafted .rdocoptions files...

[ASA-201910-4] ruby-rdoc: cross-site scripting

Arch Linux Security Advisory ASA-201910-4 ========================================= Severity: Medium Date : 2019-10-02 CVE-ID : CVE-2012-6708 CVE-2015-9251 Package : ruby-rdoc Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-1041 Summary ======= The package...

rubygem-rdoc: Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template

darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting XSS attacks via a crafted URL...