Package details: pkg:gem/RedCloth@3.0.3
purl pkg:gem/RedCloth@3.0.3
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 3.1
Vulnerabilities affecting this package (2)
| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| VCID-4key-48mr-13f4 (Aliases: CVE-2012-6684, GHSA-r23g-3qw4-gfh2, OSV-115941) | Textile Link Parsing XSS. RedCloth Gem for Ruby contains a flaw that allows a cross-site scripting (XSS) attack. This flaw exists because the program does not validate input when parsing textile links before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. | 4.3.0 (Affected by 1 other vulnerability.) |
| VCID-5wd2-9wcr-ayg4 (Aliases: CVE-2023-31606, GHSA-qcm3-vfq5-wfr2) | Inefficient Regular Expression Complexity. A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | 4.3.3 (Affected by 0 other vulnerabilities.) |
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2026-06-01T07:28:17.928406+00:00 | GitLab Importer | Affected by | VCID-5wd2-9wcr-ayg4 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/RedCloth/CVE-2023-31606.yml | 38.6.0 |
| 2026-05-31T10:18:50.603478+00:00 | Ruby Importer | Affected by | VCID-5wd2-9wcr-ayg4 | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/RedCloth/CVE-2023-31606.yml | 38.6.0 |
| 2026-05-31T10:15:02.889132+00:00 | Ruby Importer | Affected by | VCID-4key-48mr-13f4 | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/RedCloth/CVE-2012-6684.yml | 38.6.0 |
| 2026-05-31T09:33:41.402699+00:00 | GitLab Importer | Affected by | VCID-4key-48mr-13f4 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/RedCloth/CVE-2012-6684.yml | 38.6.0 |