RubySec

Providing security resources for the Ruby community

CVE-2013-0256 (rdoc): CVE-2013-0256 rubygem-rdoc: Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template

GEM

rdoc

SEVERITY

CVSS v2.0: 4.3 (Medium)

PATCHED VERSIONS

  • ~> 3.9.5
  • ~> 3.12.1
  • >= 4.0

DESCRIPTION

darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
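
One way to check a project's resolved rdoc version against the patched versions and affected range listed above. This is an added example, not RubySec's or RDoc's own code; the helper names and the sample Gemfile.lock are constructed for illustration. Treating 4.0.0.preview2.1 as fixed comes from the description, since a prerelease sorts below 4.0 and so does not satisfy `>= 4.0`.

```ruby
require "rubygems"

# Ranges exactly as listed under PATCHED VERSIONS.
PATCHED = ["~> 3.9.5", "~> 3.12.1", ">= 4.0"].map { |r| Gem::Requirement.new(r) }
# From the DESCRIPTION: first affected release and the 4.x preview carrying the fix.
FIRST_AFFECTED = Gem::Version.new("2.3.0")
FIXED_PREVIEW  = Gem::Version.new("4.0.0.preview2.1")

# Constructed sample lockfile (not taken from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      json (1.7.7)
      rdoc (3.12)
        json (~> 1.4)

  PLATFORMS
    ruby

  DEPENDENCIES
    rdoc
LOCK

# Hypothetical helper: resolved rdoc version from Gemfile.lock text.
# Resolved specs are indented four spaces; nested dependency lines use six.
def locked_rdoc_version(lockfile_text)
  lockfile_text[/^ {4}rdoc \(([^)\s]+)\)$/, 1]
end

# Hypothetical helper: :not_listed, :patched or :vulnerable for a version string.
def rdoc_status(version_string)
  v = Gem::Version.new(version_string)
  return :not_listed if v < FIRST_AFFECTED
  return :patched if PATCHED.any? { |req| req.satisfied_by?(v) }
  # Prereleases sort below 4.0, so ">= 4.0" alone does not match the fixed preview.
  return :patched if v >= FIXED_PREVIEW
  :vulnerable
end

if $PROGRAM_NAME == __FILE__
  version = locked_rdoc_version(SAMPLE_LOCK)
  puts "rdoc #{version}: #{rdoc_status(version)}"
end
```

Documentation already generated with an affected release is not changed by upgrading the gem, so HTML output produced by the Darkfish generator needs to be regenerated after the upgrade.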