RubySec

Providing security resources for the Ruby community

CVE-2013-0256 (rdoc): CVE-2013-0256 rubygem-rdoc: Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template

ADVISORIES

GEM

rdoc

SEVERITY

CVSS v2: 4.3

PATCHED VERSIONS

  • ~> 3.9.5
  • ~> 3.12.1
  • >= 4.0

DESCRIPTION

darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.