
CVE-2013-0256

Published: 6 February 2013

darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

Notes

Author: jdstrand
Note:
rdoc part of ruby-defaults in Ubuntu 10.04 LTS and lower
darkfish.js only present in ruby1.9.1 on Ubuntu 11.10 and later
Priority

Medium

Status

Package Release Status
ruby-defaults
Launchpad, Ubuntu, Debian
hardy Ignored
(reached end-of-life)
lucid Not vulnerable
(code-not-present)
oneiric Not vulnerable

precise Not vulnerable

quantal Not vulnerable

raring Not vulnerable

upstream Needs triage

ruby1.8
Launchpad, Ubuntu, Debian
hardy Ignored
(reached end-of-life)
lucid Ignored
(code-not-present)
oneiric Ignored
(code-not-present)
precise Ignored
(code-not-present)
quantal Ignored
(code-not-present)
raring Ignored
(code-not-present)
upstream Needs triage

ruby1.9
Launchpad, Ubuntu, Debian
hardy Ignored
(reached end-of-life)
lucid Ignored
(code-not-present)
maverick Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

upstream Needs triage

ruby1.9.1
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Ignored
(code-not-present)
oneiric Ignored
(reached end-of-life)
precise Released (1.9.3.0-1ubuntu2.5)
quantal Released (1.9.3.194-1ubuntu1.3)
raring Released (1.9.3.194-7ubuntu1)
upstream Released (1.9.3.194-6)
Patches:
upstream: https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60
vendor: http://patch-tracker.debian.org/patch/series/view/ruby1.9.1/1.9.3.194-7/CVE-2013-0256.patch