CVE-2013-0256

2013-02-0600:00:00

ubuntu.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.8%

JSON

darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as
used in Ruby, does not properly generate documents, which allows remote
attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699929>

Notes

Author	Note
jdstrand	rdoc part of ruby-defaults in Ubuntu 10.04 LTS and lower darkfish.js only present in ruby1.9.1 on Ubuntu 11.10 and later

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchruby1.9.1< 1.9.3.0-1ubuntu2.5UNKNOWN
ubuntu12.10noarchruby1.9.1< 1.9.3.194-1ubuntu1.3UNKNOWN
ubuntu13.04noarchruby1.9.1< 1.9.3.194-7ubuntu1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	ruby1.9.1	< 1.9.3.0-1ubuntu2.5	UNKNOWN
ubuntu	12.10	noarch	ruby1.9.1	< 1.9.3.194-1ubuntu1.3	UNKNOWN
ubuntu	13.04	noarch	ruby1.9.1	< 1.9.3.194-7ubuntu1	UNKNOWN