CVE-2013-0256

Опубликовано: 01 мар. 2013

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

Ссылки

http://blog.segment7.net/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releases-3-9-5-3-12-1-4-0-0-rc-2
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-02/msg00048.html
Mailing List
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0548.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0686.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0701.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0728.html
Third Party Advisory
http://secunia.com/advisories/52774
Third Party Advisory
http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/
Vendor Advisory
http://www.ubuntu.com/usn/USN-1733-1
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=907820
Issue Tracking
https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60
Third Party Advisory
http://blog.segment7.net/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releases-3-9-5-3-12-1-4-0-0-rc-2
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-02/msg00048.html
Mailing List
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0548.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0686.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0701.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0728.html
Third Party Advisory
http://secunia.com/advisories/52774
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ruby-lang:rdoc:*:*:*:*:*:ruby:*:*

Версия от 2.3.0 (включая) до 3.12 (исключая)

cpe:2.3:a:ruby-lang:rdoc:4.0.0:preview2:*:*:*:ruby:*:*

cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

EPSS

Процентиль: 87%

0.03584

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2013-0256

ubuntu

почти 13 лет назад

CVE-2013-0256

redhat

около 13 лет назад

CVE-2013-0256

debian

почти 13 лет назад

darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1 ...

GHSA-v2r9-c84j-v7xm

github

больше 8 лет назад

RDoc contains XSS vulnerability

EPSS

Процентиль: 87%

0.03584

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79