RDoc 2.3.0 through 3.12 XSS Exploit
RDoc documentation generated by rdoc 2.3.0 through rdoc 3.12 and prereleases
up to rdoc 4.0.0.preview2.1 are vulnerable to an XSS exploit. This exploit
may lead to cookie disclosure to third parties.
The exploit exists in darkfish.js which is copied from the RDoc install
location to the generated documentation.
RDoc is a static documentation generation tool. Patching the library itself
is insufficient to correct this exploit, because documentation that has
already been generated still contains its own copy of darkfish.js.
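Since each generated documentation tree carries its own copy of darkfish.js, one way to find trees that still need regenerating is to compare every copy against the darkfish.js of the patched RDoc install. This is an added example, not part of the original advisory; the function names and sample files are constructed, and a differing copy only shows that it did not come from the reference version.

```ruby
require "digest"
require "find"
require "fileutils"
require "tmpdir"

# Return the darkfish.js copies under doc_root whose contents differ from
# reference_js (the darkfish.js shipped by the patched RDoc install).
# Both paths are supplied by the caller; nothing is assumed about layout.
def stale_darkfish_copies(doc_root, reference_js)
  reference_digest = Digest::SHA256.file(reference_js).hexdigest
  stale = []
  Find.find(doc_root) do |path|
    next unless File.file?(path) && File.basename(path) == "darkfish.js"
    stale << path unless Digest::SHA256.file(path).hexdigest == reference_digest
  end
  stale.sort
end

# Constructed demo: two generated doc trees, one copied from the reference
# file and one left over from an earlier generation run.
def demo
  Dir.mktmpdir do |dir|
    reference = File.join(dir, "reference", "darkfish.js")
    old_copy  = File.join(dir, "docs", "old_project", "js", "darkfish.js")
    new_copy  = File.join(dir, "docs", "new_project", "js", "darkfish.js")
    [reference, old_copy, new_copy].each { |p| FileUtils.mkdir_p(File.dirname(p)) }
    File.write(reference, "// constructed: current darkfish.js\n")
    File.write(new_copy,  "// constructed: current darkfish.js\n")
    File.write(old_copy,  "// constructed: older darkfish.js\n")
    docs = File.join(dir, "docs")
    stale_darkfish_copies(docs, reference).map { |p| p.sub("#{docs}/", "") }
  end
end

if $PROGRAM_NAME == __FILE__
  if ARGV.size == 2
    # Usage: ruby scan.rb DOC_ROOT REFERENCE_DARKFISH_JS
    puts stale_darkfish_copies(ARGV[0], ARGV[1])
  else
    puts demo
  end
end
```

Every path it reports is a documentation tree to regenerate with the patched RDoc or to update by hand.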
This exploit was discovered by Evgeny Ermakov.
Am I vulnerable?
The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, then it is pending.
Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages and tells you if any of them are vulnerable.
Affected package information
| Package | Patched in | Unaffected in |