FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

RDoc -- multiple jQuery vulnerabilities

Affected packages
2.4.0,1 <= ruby < 2.4.7,1
2.5.0,1 <= ruby < 2.5.6,1
2.6.0,1 <= ruby < 2.6.3,1
rubygem-rdoc < 6.1.2

Details

VuXML ID ed8d5535-ca78-11e9-980b-999ff59c22ea
Discovery 2019-08-28
Entry 2019-08-29
Modified 2019-08-31

Ruby news:

There are multiple vulnerabilities about Cross-Site Scripting (XSS) in jQuery shipped with RDoc which bundled in Ruby. All Ruby users are recommended to update Ruby to the latest release which includes the fixed version of RDoc.

The following vulnerabilities have been reported.

CVE-2012-6708

CVE-2015-9251

References

CVE Name CVE-2012-6708
CVE Name CVE-2015-9251
URL https://www.ruby-lang.org/en/news/2019/08/28/multiple-jquery-vulnerabilities-in-rdoc/