ArchLinux: 201910-4: ruby-rdoc: cross-site scripting

    Date: 03 Oct 2019
    Posted By: LinuxSecurity Advisories
    The package ruby-rdoc before version 6.1.2-1 is vulnerable to cross-site scripting.
    Arch Linux Security Advisory ASA-201910-4
    Severity: Medium
    Date    : 2019-10-02
    CVE-ID  : CVE-2012-6708 CVE-2015-9251
    Package : ruby-rdoc
    Type    : cross-site scripting
    Remote  : Yes
    Link    :
    The package ruby-rdoc before version 6.1.2-1 is vulnerable to cross-
    site scripting.
    Upgrade to 6.1.2-1.
    # pacman -Syu "ruby-rdoc>=6.1.2-1"
    The problems have been fixed upstream in version 6.1.2.
    - CVE-2012-6708 (cross-site scripting)
    jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS)
    attacks. The jQuery(strInput) function does not differentiate selectors
    from HTML in a reliable fashion. In vulnerable versions, jQuery
    determined whether the input was HTML by looking for the '<' character
    anywhere in the string, giving attackers more flexibility when
    attempting to construct a malicious payload. In fixed versions, jQuery
    only deems the input to be HTML if it explicitly starts with the '<'
    character, limiting exploitability only to attackers who can control
    the beginning of a string, which is far less common.
    - CVE-2015-9251 (cross-site scripting)
    jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks
    when a cross-domain Ajax request is performed without the dataType
    option, causing text/javascript responses to be executed.
    An attacker is able to perform cross-site scripting attacks by tricking
    users into generating documentation with a vulnerable RDoc version.
    Because RDoc is a static documentation generation tool, patching the
    tool itself is insufficient to mitigate these vulnerabilities.
    Documentation generated with previous versions has to be re-generated
    with newer
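
Because previously generated documentation keeps the jQuery copy it was built with, upgrading the package does not tell you which published doc trees are still affected. The following added example (not part of the advisory or of RDoc) walks a documentation directory and reports which of the two CVEs above apply to each jQuery file it finds. The banner regex, the function names and the sample tree are assumptions constructed for illustration.

```ruby
require "find"
require "tmpdir"
require "fileutils"

# Fixed-in jQuery versions, as stated in the advisory.
FIXED_IN = { "CVE-2012-6708" => Gem::Version.new("1.9.0"),
             "CVE-2015-9251" => Gem::Version.new("3.0.0") }.freeze

# Assumption: the bundled file keeps jQuery's usual header banner, e.g.
# "jQuery JavaScript Library v1.6.4" or "/*! jQuery v2.2.4 | ...".
BANNER = /jQuery (?:JavaScript Library )?v(\d+(?:\.\d+){1,2})/

# Returns the advisory's CVE ids that apply to a jQuery version string.
def cves_for(version)
  v = Gem::Version.new(version)
  FIXED_IN.select { |_, fixed| v < fixed }.keys
end

# Returns { path => [cve, ...] } for each .js file under root whose first 2 KiB
# carries a jQuery banner older than a fixed-in version.
def scan_docs(root)
  hits = {}
  Find.find(root) do |path|
    next unless File.file?(path) && path.end_with?(".js")
    head = File.open(path, "rb") { |f| f.read(2048) }.to_s
    next unless (m = BANNER.match(head))
    cves = cves_for(m[1])
    hits[path] = cves unless cves.empty?
  end
  hits
end

# Constructed sample tree (not real RDoc output) so the script runs offline.
def build_sample(dir)
  { "old/js/jquery.js" => "/*!\n * jQuery JavaScript Library v1.6.4\n */\n",
    "mid/js/jquery.js" => "/*! jQuery v2.2.4 | (c) jQuery Foundation */\n",
    "new/js/jquery.js" => "/*! jQuery v3.3.1 | (c) JS Foundation */\n",
    "new/js/other.js"  => "// no banner here\n" }.each do |rel, body|
    full = File.join(dir, rel)
    FileUtils.mkdir_p(File.dirname(full))
    File.write(full, body)
  end
  dir
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |tmp|
    scan_docs(ARGV[0] || build_sample(tmp)).each { |p, c| puts "#{p}: #{c.join(', ')}" }
  end
end
```

Pass a documentation root as the first argument to scan it instead of the constructed sample; any tree it reports needs to be re-generated with the fixed package.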
