Fluid Attacks Database

Description

RDoc contains XSS vulnerability darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rubygems	rdoc	>=2.3.0 <3.12.1	3.12.1

Aliases

1. CVE-2013-02562. NVD-2013-02563. OSV-2013-02564. GHSA-v2r9-c84j-v7xm5. GCVE-2013-0256

References

1. https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe602. https://bugzilla.redhat.com/show_bug.cgi?id=9078203. https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rdoc/CVE-2013-0256.yml4. https://web.archive.org/web/20130402173730/http://blog.segment7.net:80/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releases-3-9-5-3-12-1-4-0-0-rc-25. http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html6. http://lists.opensuse.org/opensuse-updates/2013-02/msg00048.html7. http://rhn.redhat.com/errata/RHSA-2013-0686.html8. http://rhn.redhat.com/errata/RHSA-2013-0701.html9. http://rhn.redhat.com/errata/RHSA-2013-0728.html10. http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-025611. http://www.ubuntu.com/usn/USN-1733-1

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.