FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
57027417-ab7f-11eb-9596-080027f515eaRDoc -- command injection vulnerability

Alexandr Savca reports:

RDoc used to call Kernel#open to open a local file. If a Ruby project has a file whose name starts with | and ends with tags, the command following the pipe character is executed. A malicious Ruby project could exploit it to run an arbitrary command execution against a user who attempts to run rdoc command.

Discovery 2021-05-02
Entry 2021-05-02
lt 6.3.1

ed8d5535-ca78-11e9-980b-999ff59c22eaRDoc -- multiple jQuery vulnerabilities

Ruby news:

There are multiple vulnerabilities about Cross-Site Scripting (XSS) in jQuery shipped with RDoc which bundled in Ruby. All Ruby users are recommended to update Ruby to the latest release which includes the fixed version of RDoc.

The following vulnerabilities have been reported.



Discovery 2019-08-28
Entry 2019-08-29
Modified 2019-08-31
ge 2.4.0,1 lt 2.4.7,1

ge 2.5.0,1 lt 2.5.6,1

ge 2.6.0,1 lt 2.6.3,1

lt 6.1.2