CVE-2013-0256 — MEDIUM (4.3)

Q: How severe is CVE-2013-0256?

CVE-2013-0256 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-0256?

Check the references section above for vendor advisories and patch information. Affected products include: Ruby-Lang Rdoc, Ruby-Lang Ruby, Canonical Ubuntu Linux.

Vulnerability Description

darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Ruby-Lang	Rdoc	>= 2.3.0, < 3.12
Ruby-Lang	Ruby	1.9
Canonical	Ubuntu Linux	12.04

Related Weaknesses (CWE)

CWE-79

References

http://blog.segment7.net/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releaseThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-02/msg00048.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0548.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0686.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0701.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0728.htmlThird Party Advisory
http://secunia.com/advisories/52774Third Party Advisory
http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/Vendor Advisory
http://www.ubuntu.com/usn/USN-1733-1Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=907820Issue Tracking
https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60Third Party Advisory
http://blog.segment7.net/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releaseThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-02/msg00048.htmlMailing ListThird Party Advisory

FAQ

What is CVE-2013-0256?

CVE-2013-0256 is a vulnerability with a CVSS score of 4.3 (MEDIUM). darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attac...

How severe is CVE-2013-0256?

CVE-2013-0256 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-0256?

Check the references section above for vendor advisories and patch information. Affected products include: Ruby-Lang Rdoc, Ruby-Lang Ruby, Canonical Ubuntu Linux.