Search for packages
| purl | pkg:gem/rdoc@4.2.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3s9f-prpy-hbcx
Aliases: CVE-2019-11358 GHSA-6c3j-c64m-qhgq |
Cross-site Scripting The jQuery library, which is included in rdoc, mishandles `jQuery.extend(true, {}, ...)` because of Object.prototype pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native `Object.prototype.` |
Affected by 1 other vulnerability. |
|
VCID-a1z8-2fdu-1uhd
Aliases: CVE-2021-31799 GHSA-ggxm-pgc9-g7fp |
Arbitrary Code Execution in Rdoc In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-tmjp-8edk-nyh3
Aliases: CVE-2015-9251 GHSA-rmxg-73gg-4p98 |
The jQuery library, which is included in rdoc, is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing `text/javascript` responses to be executed. |
Affected by 1 other vulnerability. |
|
VCID-xdph-4cg9-6qah
Aliases: CVE-2012-6708 GHSA-2pqj-h3vj-pqgw |
The jQuery library, which is included in rdoc, is vulnerable to Cross-site Scripting (XSS) attacks. jQuery only deems the input to be HTML if it explicitly starts with the `<` character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||