Impact |
- |
A remote attacker is able to bypass path restrictions, perform a denial of service attack, inject malicious content or call an arbitrary Ruby method under certain circumstances. |
- |
Furthermore, an attacker is able to perform cross-side scripting attacks by tricking users to generate documentation with a vulnerable RDoc version. RDoc is a static documentation generation tool, patching the tool itself is insufficient to mitigate these vulnerabilities. Documentations generated with previous versions have to be re-generated with newer RDoc. |
+ |
A remote attacker is able to bypass path restrictions, perform a denial of service attack, inject malicious content or call an arbitrary Ruby method under certain circumstances. Furthermore, an attacker is able to perform cross-side scripting attacks by tricking users to generate documentation with a vulnerable RDoc version. RDoc is a static documentation generation tool, patching the tool itself is insufficient to mitigate these vulnerabilities. Documentations generated with previous versions have to be re-generated with newer RDoc. |
|
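Review bot: the added Impact paragraph still carries the typo "cross-side scripting" from the removed text; it should read "cross-site scripting", and this rewrite is the place to fix it. Merging the two paragraphs into one also buries the only remediation statement (documentation generated with previous versions has to be re-generated with newer RDoc) at the end of a long block, so consider keeping it as its own paragraph. The sentence "RDoc is a static documentation generation tool, patching the tool itself is insufficient" is a comma splice; joining the clauses with "so" or splitting them into two sentences would make the reasoning clearer.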