Sha256: 50830a9c8c63e86b0bfcb17be2de88392e32328bb9cbf2b09801d5abb00d54b4

Contents?: true

Size: 829 Bytes

Versions: 5

Compression:

Stored size: 829 Bytes

Contents

---
gem: RedCloth
cve: 2012-6684
osvdb: 115941
url: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6684
title: RedCloth Gem for Ruby Textile Link Parsing XSS
date: 2012-02-29
description: |
  RedCloth Gem for Ruby contains a flaw that allows a cross-site scripting (XSS)
  attack. This flaw exists because the program does not validate input when
  parsing textile links before returning it to users. This may allow a remote
  attacker to create a specially crafted request that would execute arbitrary
  script code in a user's browser session within the trust relationship between
  their browser and the server.
cvss_v2: 4.3
patched_versions:
  - ">= 4.3.0"
related:
  url:
    - https://github.com/jgarber/redcloth/commit/2f6dab4d6aea5cee778d2f37a135637fe3f1573c
    - http://co3k.org/blog/redcloth-unfixed-xss-en

Version data entries

5 entries across 5 versions & 2 rubygems

Version                Path
bundler-audit-0.7.0.1  data/ruby-advisory-db/gems/RedCloth/CVE-2012-6684.yml
bundler-budit-0.6.2    data/ruby-advisory-db/gems/RedCloth/CVE-2012-6684.yml
bundler-budit-0.6.1    data/ruby-advisory-db/gems/RedCloth/CVE-2012-6684.yml
bundler-audit-0.6.1    data/ruby-advisory-db/gems/RedCloth/CVE-2012-6684.yml
bundler-audit-0.6.0    data/ruby-advisory-db/gems/RedCloth/CVE-2012-6684.yml