Search for packages
| purl | pkg:gem/RedCloth@4.0.1 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4key-48mr-13f4
Aliases: CVE-2012-6684 GHSA-r23g-3qw4-gfh2 OSV-115941 |
Textile Link Parsing XSS RedCloth Gem for Ruby contains a flaw that allows a cross-site scripting (XSS) attack. This flaw exists because the program does not validate input when parsing textile links before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. |
Affected by 1 other vulnerability. |
|
VCID-5wd2-9wcr-ayg4
Aliases: CVE-2023-31606 GHSA-qcm3-vfq5-wfr2 |
Inefficient Regular Expression Complexity A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-05-31T10:18:50.609769+00:00 | Ruby Importer | Affected by | VCID-5wd2-9wcr-ayg4 | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/RedCloth/CVE-2023-31606.yml | 38.6.0 |
| 2026-05-31T10:15:02.894008+00:00 | Ruby Importer | Affected by | VCID-4key-48mr-13f4 | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/RedCloth/CVE-2012-6684.yml | 38.6.0 |
| 2026-05-31T09:33:41.419700+00:00 | GitLab Importer | Affected by | VCID-4key-48mr-13f4 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/RedCloth/CVE-2012-6684.yml | 38.6.0 |