darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

Affected Packages

RubyGems rdoc

Affected versions: 2.3.0 (fixed in 3.12.1)

Related CVEs

CVE-2013-0256

Key Information

GHSA ID

GHSA-v2r9-c84j-v7xm

Published

October 24, 2017 6:33 PM

Last Modified

July 5, 2023 8:39 PM

CVSS Score

5.0 /10

Primary Ecosystem

RubyGems

Primary Package

rdoc

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 30, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.