VulnerableCode Package Details - pkg:rpm/redhat/ruby193-rubygem-rspec@2.11.0-2?arch=el6

Search for packages

Vulnerability	Summary	Fixed by
VCID-pb4n-q6u8-syds Aliases: CVE-2013-0256 GHSA-v2r9-c84j-v7xm OSV-90004	XSS exploit of RDoc documentation generated by rdoc This exploit may lead to cookie disclosure to third parties. The exploit exists in darkfish.js which is copied from the RDoc install location to the generated documentation. RDoc is a static documentation generation tool. Patching the library itself is insufficient to correct this exploit.	There are no reported fixed by versions.
VCID-rrwv-dzq7-9ybd Aliases: CVE-2013-2034 GHSA-fg4r-f9j2-36mw	Jenkins Cross-Site Request Forgery vulnerabilities Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors.	There are no reported fixed by versions.
VCID-xenc-mfdw-mucm Aliases: CVE-2013-1808	stapler-adjunct-zeroclipboard: XSS via copying XSS payload into buffer	There are no reported fixed by versions.
VCID-z46p-c93u-auav Aliases: CVE-2013-2033 GHSA-826f-32qm-vm3j	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CVE-2013-2033 Jenkins: Build Description XSS	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-pb4n-q6u8-syds
Aliases:
CVE-2013-0256
GHSA-v2r9-c84j-v7xm
OSV-90004

XSS exploit of RDoc documentation generated by rdoc This exploit may lead to cookie disclosure to third parties. The exploit exists in darkfish.js which is copied from the RDoc install location to the generated documentation. RDoc is a static documentation generation tool. Patching the library itself is insufficient to correct this exploit.

There are no reported fixed by versions.

VCID-rrwv-dzq7-9ybd
Aliases:
CVE-2013-2034
GHSA-fg4r-f9j2-36mw

Jenkins Cross-Site Request Forgery vulnerabilities Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors.

There are no reported fixed by versions.

VCID-xenc-mfdw-mucm
Aliases:
CVE-2013-1808

stapler-adjunct-zeroclipboard: XSS via copying XSS payload into buffer

There are no reported fixed by versions.

VCID-z46p-c93u-auav
Aliases:
CVE-2013-2033
GHSA-826f-32qm-vm3j

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CVE-2013-2033 Jenkins: Build Description XSS

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:52:32.304091+00:00	RedHat Importer	Affected by	VCID-pb4n-q6u8-syds	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0256.json	38.0.0
2026-04-01T14:52:28.731164+00:00	RedHat Importer	Affected by	VCID-xenc-mfdw-mucm	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1808.json	38.0.0
2026-04-01T14:51:32.588218+00:00	RedHat Importer	Affected by	VCID-rrwv-dzq7-9ybd	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2034.json	38.0.0
2026-04-01T14:51:31.032145+00:00	RedHat Importer	Affected by	VCID-z46p-c93u-auav	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2033.json	38.0.0