FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
57027417-ab7f-11eb-9596-080027f515ea | RDoc -- command injection vulnerability

Alexandr Savca reports:

RDoc used to call Kernel#open to open a local file. If a Ruby project has a file whose name starts with | and ends with tags, the command following the pipe character is executed. A malicious Ruby project could exploit it to run an arbitrary command against a user who attempts to run the rdoc command.


Discovery: 2021-05-02
Entry: 2021-05-02
Affected: rubygem-rdoc lt 6.3.1

CVE-2021-31799
https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/
ed8d5535-ca78-11e9-980b-999ff59c22ea | RDoc -- multiple jQuery vulnerabilities

Ruby news:

There are multiple vulnerabilities about Cross-Site Scripting (XSS) in jQuery shipped with RDoc, which is bundled in Ruby. All Ruby users are recommended to update Ruby to the latest release, which includes the fixed version of RDoc.

The following vulnerabilities have been reported.

CVE-2012-6708

CVE-2015-9251


Discovery: 2019-08-28
Entry: 2019-08-29
Modified: 2019-08-31
Affected: ruby ge 2.4.0,1 lt 2.4.7,1
Affected: ruby ge 2.5.0,1 lt 2.5.6,1
Affected: ruby ge 2.6.0,1 lt 2.6.3,1
Affected: rubygem-rdoc lt 6.1.2

https://www.ruby-lang.org/en/news/2019/08/28/multiple-jquery-vulnerabilities-in-rdoc/
CVE-2012-6708
CVE-2015-9251