-
-
Notifications
You must be signed in to change notification settings - Fork 221
/
CVE-2012-6684.yml
27 lines (27 loc) · 1.13 KB
/
CVE-2012-6684.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
---
gem: RedCloth
cve: 2012-6684
ghsa: r23g-3qw4-gfh2
osvdb: 115941
url: https://co3k.org/blog/redcloth-unfixed-xss-en
title: "CVE-2012-6684 rubygem-RedCloth: XSS vulnerability"
date: 2012-02-29
description: |
Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9
for Ruby and earlier allows remote attackers to inject arbitrary
web script or HTML via a javascript: URI.
cvss_v2: 4.3
patched_versions:
- ">= 4.3.0"
related:
url:
- http://co3k.org/blog/redcloth-unfixed-xss-en
- https://gist.github.com/co3k/75b3cb416c342aa1414c
- https://github.com/jgarber/redcloth/commit/2f6dab4d6aea5cee778d2f37a135637fe3f1573c
- https://github.com/jgarber/redcloth/commit/b24f03db023d1653d60dd33b28e09317cd77c6a0
- https://jgarber.lighthouseapp.com/projects/13054-redcloth/tickets/243-xss
- https://web.archive.org/web/20150128115714/http://jgarber.lighthouseapp.com/projects/13054-redcloth/tickets/243-xss
- https://nvd.nist.gov/vuln/detail/CVE-2012-6684
- https://github.com/advisories/GHSA-r23g-3qw4-gfh2
- http://seclists.org/fulldisclosure/2014/Dec/50
- http://www.debian.org/security/2015/dsa-3168