osgirl/omrails

CVE-2013-0256 Medium Severity Vulnerability detected by WhiteSource


CVE-2013-0256 - Medium Severity Vulnerability

Vulnerable Library - rdoc-3.12.gem

RDoc produces HTML and command-line documentation for Ruby projects. RDoc includes the +rdoc+ and +ri+ tools for generating and displaying online documentation.

See RDoc for a description of RDoc's markup and basic use.

path: /var/lib/gems/2.3.0/cache/rdoc-3.12.gem

Library home page: http://rubygems.org/gems/rdoc-3.12.gem

Dependency Hierarchy:

  • rails-3.2.11.gem (Root Library)
    • railties-3.2.22.5.gem
      • rdoc-3.12.gem (Vulnerable Library)

Vulnerability Details

darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

Publish Date: 2013-03-01

URL: CVE-2013-0256

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2013-0256

Release Date: 2013-03-01

Fix Resolution: 4.0.0.preview2.1

