CVE-2013-0256
Published 2013-03-01
Priority: P419 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 3.62% (88.1th percentile)
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| ruby-lang | rdoc | — | — |
| ruby-lang | rdoc | >= 2.3.0 < 3.12 | 3.12 |
| ruby-lang | rdoc | >= 2.3.0 < 3.12.1 | 3.12.1 |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
CVSS provenance
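| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_ubuntu | — | 5.0 | MEDIUM | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |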
Ubuntu
Ruby vulnerabilities
vendor_ubuntu·2013-02-21·CVSS 5.0
CVE-2012-5371 [MEDIUM] Ruby vulnerabilities
Title: Ruby vulnerabilities
Summary: Several security issues were fixed in Ruby.
Jean-Philippe Aumasson discovered that Ruby incorrectly generated
predictable hash values. An attacker could use this issue to generate hash
collisions and cause a denial of service. (CVE-2012-5371)
Evgeny Ermakov discovered that documentation generated by rdoc is
vulnerable to a cross-site scripting issue. With cross-site scripting
vulnerabilities, if a user were tricked into viewing a specially crafted
page, a remote attacker could exploit this to modify the contents, or steal
confidential data, within the same domain. (CVE-2013-0256)
Thomas Hollstegge and Ben Murphy discovered that the JSON implementation
in Ruby incorrectly handled certain crafted documents. An attacker could
use this issue to cause a
Red Hat
rubygem-rdoc: Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template
vendor_redhat·2013-02-06·CVSS 4.3
CVE-2013-0256 [MEDIUM] CWE-79 rubygem-rdoc: Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
Package: rubygem-haml (OpenShift Enterprise 1) - Affected
Package: rubygem-haml (Red Hat Enterprise MRG 2) - Affected
Package: rubygem-haml (Red Hat Subscription Asset Manager) - Affected
OSV
RDoc contains XSS vulnerability
osv·2017-10-24
CVE-2013-0256 [MEDIUM] RDoc contains XSS vulnerability
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
GHSA
RDoc contains XSS vulnerability
ghsa·2017-10-24
CVE-2013-0256 [MEDIUM] CWE-79 RDoc contains XSS vulnerability
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
No detection rules found.
No public exploits indexed.
HackerOne
XSS exploit of RDoc documentation generated by rdoc
hackerone·2023-07-18·CVSS 4.3
[MEDIUM] XSS exploit of RDoc documentation generated by rdoc
When creating RDoc HTML documentation, there is a possibility to inject malicious code through a file name.
# PoC
```bash
~ $ touch \"\>\Controlling\ what\ is\ documented\ here
~ $ ls
">Controlling what is documented here
~ $ rdoc --all
```
Now, the generated index file has injected JavaScript code:
```html
...
Controlling what is documented here.html">"> Controlling what is documented here
...
```
I set the vulnerability to the same severity as CVE-2013-0256, since rdoc is widely used on dev/production systems, online documentation, etc. An attacker can hide a badly named file deep in the project structure to be stealthy. Also, the file can be very tricky-named in the documentation list, can contain the real documentation code, and s
HackerOne
XSS exploit of RDoc documentation generated by rdoc (CVE-2013-0256)
hackerone·2023-07-18·CVSS 4.3
CVE-2013-0256 [MEDIUM] XSS exploit of RDoc documentation generated by rdoc (CVE-2013-0256)
The exploit exists in `paragraph` formatting that allows malicious code to be injected into the generated documentation.
PoC
----
For example, let's create the `example` file with the following content:
```
\x[\alert(1);\]
```
Now, run rdoc:
```sh
rdoc --all
```
The output HTML will have the following injected JavaScript code:
```html
x[alert(1);]
```
Solution
I may be wrong with the solution, but I want to be more helpful :) At first glance, the vulnerable code is here:
```rb
def accept_paragraph paragraph
  @res << "\n<p>"
  text = paragraph.text @hard_break
  text = text.gsub(/\r?\n/, ' ')
  @res << to_html(text)
  @res << "</p>\n"
end
```
I suppose we should sanitize the output. For example, after changing `text` to `CGI.escapeHTML(text)` I've got the foll
Bugzilla
CVE-2013-0256 rubygem-rdoc (2.3.0 <= X <= 3.12): Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template [fedora-all]
bugzilla·2013-02-06·CVSS 4.3
CVE-2013-0256 [MEDIUM] CVE-2013-0256 rubygem-rdoc (2.3.0 <= X <= 3.12): Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM cha
Bugzilla
CVE-2013-0256 rubygem-rdoc: Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template
bugzilla·2013-02-05·CVSS 4.3
CVE-2013-0256 [MEDIUM] CVE-2013-0256 rubygem-rdoc: Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template
A cross-site scripting (XSS) flaw was found in the way the Darkfish Rdoc HTML generator / template of RDoc, an HTML and command-line documentation producing tool for Ruby, performed sanitization of certain values when creating Rdoc documentation. When a Ruby on Rails application exposed its documentation via the network, a remote attacker could provide a specially crafted URL that, when opened, would lead to arbitrary web script or HTML code execution in the context of the (particular Ruby on Rails application) user's session.
This issue affects RDoc versions 2.3.0 to 3.12.
Discussion:
This issue affects the versions of the rubygem-rdoc package, as shipped with Red Hat OpenShift Enter
http://blog.segment7.net/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releases-3-9-5-3-12-1-4-0-0-rc-2
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html
http://lists.opensuse.org/opensuse-updates/2013-02/msg00048.html
http://rhn.redhat.com/errata/RHSA-2013-0548.html
http://rhn.redhat.com/errata/RHSA-2013-0686.html
http://rhn.redhat.com/errata/RHSA-2013-0701.html
http://rhn.redhat.com/errata/RHSA-2013-0728.html
http://secunia.com/advisories/52774
http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/
http://www.ubuntu.com/usn/USN-1733-1
https://bugzilla.redhat.com/show_bug.cgi?id=907820
https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60