FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID: ed8d5535-ca78-11e9-980b-999ff59c22ea
Description: RDoc -- multiple jQuery vulnerabilities

Ruby news:

There are multiple vulnerabilities about Cross-Site Scripting (XSS) in jQuery shipped with RDoc, which is bundled in Ruby. All Ruby users are recommended to update Ruby to the latest release which includes the fixed version of RDoc.

The following vulnerabilities have been reported.

CVE-2012-6708

CVE-2015-9251


Discovery 2019-08-28
Entry 2019-08-29
Modified 2019-08-31
ruby
>= 2.4.0,1, < 2.4.7,1
>= 2.5.0,1, < 2.5.6,1
>= 2.6.0,1, < 2.6.3,1

rubygem-rdoc
< 6.1.2

https://www.ruby-lang.org/en/news/2019/08/28/multiple-jquery-vulnerabilities-in-rdoc/
CVE-2012-6708
CVE-2015-9251
VuXML ID: 57027417-ab7f-11eb-9596-080027f515ea
Description: RDoc -- command injection vulnerability

Alexandr Savca reports:

RDoc used to call Kernel#open to open a local file. If a Ruby project has a file whose name starts with | and ends with tags, the command following the pipe character is executed. A malicious Ruby project could exploit it to perform arbitrary command execution against a user who attempts to run the rdoc command.


Discovery 2021-05-02
Entry 2021-05-02
rubygem-rdoc
< 6.3.1

CVE-2021-31799
https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/