RubyGems package
rdoc
pkg:gem/rdoc
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-27281 | Med | 4.5 | | >= 6.3.3, < 6.3.4.1 | 6.3.4.1 | May 14, 2024 | An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the cl |
| CVE-2021-31799 | — | | | >= 3.11, < 6.1.2.1 | 6.1.2.1 | Jul 29, 2021 | In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via \| and tags in a filename. |
| CVE-2013-0256 | — | | | >= 2.3.0, < 3.12.1 | 3.12.1 | Mar 1, 2013 | darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL. |