CVE-2013-0256 Medium Severity Vulnerability detected by WhiteSource
Opened this issue · 0 comments
CVE-2013-0256 - Medium Severity Vulnerability
Vulnerable Library - rdoc-3.12.gem
RDoc produces HTML and command-line documentation for Ruby projects. RDoc includes the +rdoc+ and +ri+ tools for generating and displaying online documentation.
See RDoc for a description of RDoc's markup and basic use.
path: /var/lib/gems/2.3.0/cache/rdoc-3.12.gem
Library home page: http://rubygems.org/gems/rdoc-3.12.gem
Dependency Hierarchy:
- rails-3.2.11.gem (Root Library)
- railties-3.2.22.5.gem
- ❌ rdoc-3.12.gem (Vulnerable Library)
- railties-3.2.22.5.gem
Vulnerability Details
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
Publish Date: 2013-03-01
URL: CVE-2013-0256
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2013-0256
Release Date: 2013-03-01
Fix Resolution: 4.0.0.preview2.1
Step up your Open Source Security Game with WhiteSource here