Search for packages
| purl | pkg:gem/rdoc@6.1.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-421x-nuyc-aaap
Aliases: CVE-2024-27281 GHSA-592j-995h-p23j |
RDoc RCE vulnerability with .rdoc_options |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-gmf4-gcd5-aaab
Aliases: CVE-2021-31799 GHSA-ggxm-pgc9-g7fp |
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-3tdt-b5tc-aaak | jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. |
CVE-2015-9251
GHSA-rmxg-73gg-4p98 |
| VCID-q1qe-zr6p-aaap | jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common. |
CVE-2012-6708
GHSA-2pqj-h3vj-pqgw |
| VCID-tv97-anfg-aaam | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. |
CVE-2019-11358
GHSA-6c3j-c64m-qhgq |