ADVISORIES

• CVE-2012-6684 (NVD)
• GHSA-r23g-3qw4-gfh2
• Vendor Advisory

GEM

redcloth

SEVERITY

CVSS v2.0: 4.3 (Medium)

PATCHED VERSIONS

• >= 4.3.0

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a "javascript:" URI.

RELATED

• https://nvd.nist.gov/vuln/detail/CVE-2012-6684
• http://co3k.org/blog/redcloth-unfixed-xss-en
• https://gist.github.com/co3k/75b3cb416c342aa1414c
• https://github.com/jgarber/redcloth/commit/b24f03db023d1653d60dd33b28e09317cd77c6a0
• https://github.com/advisories/GHSA-r23g-3qw4-gfh2
• http://seclists.org/fulldisclosure/2014/Dec/50
• http://www.debian.org/security/2015/dsa-3168
• https://web.archive.org/web/20150128115714/http://jgarber.lighthouseapp.com/projects/13054-redcloth/tickets/243-xss