FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Ruby -- XSS exploit of RDoc documentation generated by rdoc

Affected packages
1.9,1 <= ruby <,1
rubygem18-rdoc < 3.12.1
rubygem19-rdoc < 3.12.1


VuXML ID d3e96508-056b-4259-88ad-50dc8d1978a6
Discovery 2013-02-06
Entry 2013-02-16

Ruby developers report:

RDoc documentation generated by rdoc bundled with ruby are vulnerable to an XSS exploit. All ruby users are recommended to update ruby to newer version which includes security-fixed RDoc. If you are publishing RDoc documentation generated by rdoc, you are recommended to apply a patch for the documentaion or re-generate it with security-fixed RDoc.


CVE Name CVE-2013-0256