Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-0256 at MITRE


darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

SUSE information

SUSE Bugzilla entry: 802406

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Studio Standard Edition 1.2
WebYaST 1.2
  • rubygem-rdoc >= 2.5.11-0.7.3
SAT Patch Nr: 7394
SUSE Linux Enterprise Software Development Kit 11 SP2
  • rubygem-rdoc >= 3.9.1-0.8.3
SAT Patch Nr: 7390
SUSE Studio Onsite 1.3
  • ruby19 >= 1.9.3.p392-0.7.1
  • ruby19-devel >= 1.9.3.p392-0.7.1
  • ruby19-devel-extra >= 1.9.3.p392-0.7.1
SAT Patch Nr: 7496