CVE-2012-6708: Cross-site Scripting
The jQuery library, which is included in rdoc, is vulnerable to Cross-site Scripting (XSS) attacks. Vulnerable versions of jQuery decide whether input is HTML by looking for the "<" character anywhere in the string. Fixed versions only deem the input to be HTML if it explicitly starts with the "<" character, limiting exploitability to attackers who can control the beginning of a string, which is far less common.
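The difference between the two heuristics can be seen by classifying a few strings with each. This is an added example, not code from jQuery or rdoc: both functions are simplified models of the behaviour described above (not jQuery's actual regular expressions), and assertSelectorOnly is a hypothetical guard an application could apply before passing untrusted data to a selector call.

```javascript
// Simplified models of the two heuristics (assumptions, not jQuery's own code).

// Lax model: the string is treated as HTML if a "<...>" run appears anywhere.
function looksLikeHtmlLax(input) {
  return /<[\w\W]+>/.test(input);
}

// Strict model: the string is treated as HTML only if its first character is "<".
function looksLikeHtmlStrict(input) {
  return input.charAt(0) === "<" && /^<[\w\W]+>/.test(input);
}

// Hypothetical application-side guard: a value meant to be a selector
// must never contain "<", whichever library version is loaded.
function assertSelectorOnly(input) {
  if (typeof input !== "string" || input.indexOf("<") !== -1) {
    throw new TypeError("value contains '<'; refusing to use it as a selector");
  }
  return input;
}

// Constructed sample inputs (not taken from any real application).
const samples = [
  { value: "#settings", note: "plain id selector" },
  { value: "#tab<b>x</b>", note: "selector prefix followed by markup" },
  { value: "<p>hello</p>", note: "markup from the first character" },
];

// Classify each sample under both models.
function classify(list) {
  return list.map(({ value, note }) => ({
    value,
    note,
    lax: looksLikeHtmlLax(value),
    strict: looksLikeHtmlStrict(value),
  }));
}

// Inputs whose handling changes between the two models: these are the
// strings where the attacker controls only the tail, not the beginning.
function divergent(list) {
  return classify(list).filter((r) => r.lax !== r.strict).map((r) => r.value);
}

console.table(classify(samples));
```

Only the middle sample is classified differently by the two models, which is the case the fix closes; the guard rejects it regardless of the jQuery version in use.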