[FREEBSD:ED8D5535-CA78-11E9-980B-999FF59C22EA] RDoc -- multiple jQuery vulnerabilities

Severity Medium

Affected Packages 2

CVEs 2

Ruby news:

  There are multiple vulnerabilities about Cross-Site Scripting (XSS) in
    jQuery shipped with RDoc which bundled in Ruby. All Ruby users are
    recommended to update Ruby to the latest release which includes the
    fixed version of RDoc.
  The following vulnerabilities have been reported.
  CVE-2012-6708
  CVE-2015-9251

Package	Affected Version
pkg:freebsd/rubygem-rdoc	< 6.1.2
pkg:freebsd/ruby	< 2.4.7,1

ID

FREEBSD:ED8D5535-CA78-11E9-980B-999FF59C22EA

Severity

medium

Severity from

CVE-2012-6708

URL

http://vuxml.freebsd.org/freebsd/ed8d5535-ca78-11e9-980b-999ff59c22ea.html

Published

2019-08-28T00:00:00
(5 years ago)

Modified

2019-08-29T00:00:00
(5 years ago)

Rights

FreeBSD VuXML Security Team

Other Advisories

Source	# ID	Name	URL
FreeBSD VuXML			https://www.ruby-lang.org/en/news/2019/08/28/multiple-jquery-vulnerabilities-in-rdoc/

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:freebsd/rubygem-rdoc		rubygem-rdoc	< 6.1.2
Affected	pkg:freebsd/ruby		ruby	< 2.4.7,1

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date