AVG-1041 log
Package | ruby-rdoc |
Status | Fixed |
Severity | Medium |
Type | cross-site scripting |
Affected | 6.1.1-1 |
Fixed | 6.1.2-1 |
Current |
6.6.3.1-1 [extra-testing] 6.5.1.1-2 [extra] |
Ticket | FS#63978 |
Created | Wed Oct 2 11:44:41 2019 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2015-9251 | Medium | Yes | Cross-site scripting | jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing... |
CVE-2012-6708 | Medium | Yes | Cross-site scripting | jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a... |
Date | Advisory | Package | Type |
---|---|---|---|
02 Oct 2019 | ASA-201910-4 | ruby-rdoc | cross-site scripting |
References |
---|
https://www.ruby-lang.org/en/news/2019/08/28/multiple-jquery-vulnerabilities-in-rdoc/ |
Notes |
---|
RDoc is a static documentation generation tool, patching the tool itself is insufficient to mitigate these vulnerabilities. Documentations generated with previous versions have to be re-generated with newer RDoc. |