AVG-1041 log
| Package | ruby-rdoc |
| Status | Fixed |
| Severity | Medium |
| Type | cross-site scripting |
| Affected | 6.1.1-1 |
| Fixed | 6.1.2-1 |
| Current | 6.6.3.1-1 [extra] |
| Ticket | FS#63978 |
| Created | Wed Oct 2 11:44:41 2019 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2015-9251 | Medium | Yes | Cross-site scripting | jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing... |
| CVE-2012-6708 | Medium | Yes | Cross-site scripting | jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 02 Oct 2019 | ASA-201910-4 | ruby-rdoc | cross-site scripting |
| References |
|---|
https://www.ruby-lang.org/en/news/2019/08/28/multiple-jquery-vulnerabilities-in-rdoc/ |
| Notes |
|---|
RDoc is a static documentation generation tool, patching the tool itself is insufficient to mitigate these vulnerabilities. Documentations generated with previous versions have to be re-generated with newer RDoc. |