6 matches found
AZL-40675 CVE-2024-27281 affecting package ruby for versions less than 3.1.4-4
An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...
SUSE CVE-2013-0256
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL...
DEBIAN-CVE-2021-31799
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename...
Ruby command injection vulnerability
Ruby is a cross-platform, object-oriented, dynamically typed programming language created by the individual developer Yukihiro Matsumoto. Ruby has a command injection vulnerability that stems from incorrect input validation, which can be exploited by an unauthenticated, remote attacker to pas...
rubygem-rdoc: Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL...
PT-2013-2191 · Ruby +2 · Rdoc +3
Name of the Vulnerable Software and Affected Versions: RDoc versions 2.3.0 through 3.12; RDoc versions 4.x before 4.0.0.preview2.1. Description: The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, due to improper document generation by darkfish.js in RDo...