Vulnerabilities > Ruby Lang > Rdoc > 3.11
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-30 | CVE-2021-31799 | OS Command Injection vulnerability in multiple products In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename. | 7.0 |
2013-03-01 | CVE-2013-0256 | Cross-site Scripting vulnerability in multiple products darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL. | 4.3 |