CVE-2013-0256
The MITRE CVE dictionary describes this issue as:
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
Find out more about CVE-2013-0256 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v2 metrics
| Base Score | 5 |
|---|---|
| Base Metrics | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | Partial |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat OpenShift Enterprise Client Tools | RHSA-2013:0701 | 2013-04-02 |
| Red Hat CloudForms Cloud Engine 1 (rubygem-rdoc) | RHSA-2013:0548 | 2013-02-21 |
| Red Hat Subscription Asset Manager 1.2 (rubygem-rdoc) | RHSA-2013:0686 | 2013-03-26 |
| Red Hat CloudForms System Engine 1 (rubygem-rdoc) | RHSA-2013:0548 | 2013-02-21 |
| Red Hat OpenShift Enterprise Client Tools | RHSA-2013:0728 | 2013-04-09 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Subscription Asset Manager 1 | rubygem-haml | Will not fix |
| Red Hat Enterprise MRG 2 | rubygem-haml | Will not fix |
| Red Hat CloudForms Tools 1 | rubygem-rdoc | Will not fix |
| Red Hat CloudForms Tools 1 | rubygem-haml | Will not fix |
Acknowledgements
Red Hat would like to thank Eric Hodel of RDoc upstream for reporting this issue. Upstream acknowledges Evgeny Ermakov as the original issue reporter.External References
CVE description copyright © 2017, The MITRE Corporation