CVE-2021-31799

CVE-2021-31799 affects RDoc (3.11–6.x, before 6.3.1) packaged with Ruby up to 3.0.1. An attacker can execute arbitrary code via special characters in a filename when running rdoc, enabling OS command execution. The connected advisories and vendor pages confirm the issue and remediation path. Impa...

CVE-2013-0256

CVE-2013-0256 affects Ruby’s RDoc/darkfish.js: XSS via crafted URLs in RDoc-generated documentation. Affected: darkfish.js handling in RDoc versions 2.3.0–3.12 and 4.x before 4.0.0.preview2.1. Impact: remote script execution in the context of the user’s session when documentation is viewed over t...