rhsa-2013_0701
Vulnerability from csaf_redhat
Published
2013-04-02 19:58
Modified
2024-11-05 18:04
Summary
Red Hat Security Advisory: ruby193-ruby, rubygem-json and rubygem-rdoc security update
Notes
Topic
Updated ruby193-ruby, rubygem-json and rubygem-rdoc packages that fix two
security issues are now available for Red Hat OpenShift Enterprise 1.1.3.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to do system management tasks.
A flaw in rubygem-json and ruby193-rubygem-json allowed remote attacks by
creating different types of malicious objects. For example, it could
initiate a denial of service attack through resource consumption by using a
JSON document to create arbitrary Ruby symbols, which were never garbage
collected. It could also be exploited to create internal objects which
could allow a SQL injection attack. (CVE-2013-0269)
It was found that documentation created by rubygem-rdoc and
ruby193-rubygem-rdoc was vulnerable to a cross-site scripting (XSS) attack.
If such documentation was accessible over a network, and a remote attacker
could trick a user into visiting a specially-crafted URL, it would lead to
arbitrary web script execution in the context of the user's session. As
rubygem-rdoc and ruby193-rubygem-rdoc are used for creating documentation
for Ruby source files (such as classes, modules, and so on), it is not a
common scenario to make such documentation accessible over the network.
(CVE-2013-0256)
Red Hat would like to thank Ruby on Rails upstream for reporting
CVE-2013-0269, and Eric Hodel of RDoc upstream for reporting CVE-2013-0256.
Upstream acknowledges Thomas Hollstegge of Zweitag and Ben Murphy as the
original reporters of CVE-2013-0269, and Evgeny Ermakov as the original
reporter of CVE-2013-0256.
Users of Red Hat OpenShift Enterprise 1.1.3 are advised to upgrade to these
updated packages, which correct these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated ruby193-ruby, rubygem-json and rubygem-rdoc packages that fix two\nsecurity issues are now available for Red Hat OpenShift Enterprise 1.1.3.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Ruby is an extensible, interpreted, object-oriented, scripting language. It\nhas features to process text files and to do system management tasks.\n\nA flaw in rubygem-json and ruby193-rubygem-json allowed remote attacks by\ncreating different types of malicious objects. For example, it could\ninitiate a denial of service attack through resource consumption by using a\nJSON document to create arbitrary Ruby symbols, which were never garbage\ncollected. It could also be exploited to create internal objects which\ncould allow a SQL injection attack. (CVE-2013-0269)\n\nIt was found that documentation created by rubygem-rdoc and\nruby193-rubygem-rdoc was vulnerable to a cross-site scripting (XSS) attack.\nIf such documentation was accessible over a network, and a remote attacker\ncould trick a user into visiting a specially-crafted URL, it would lead to\narbitrary web script execution in the context of the user\u0027s session. As\nrubygem-rdoc and ruby193-rubygem-rdoc are used for creating documentation\nfor Ruby source files (such as classes, modules, and so on), it is not a\ncommon scenario to make such documentation accessible over the network.\n(CVE-2013-0256)\n\nRed Hat would like to thank Ruby on Rails upstream for reporting\nCVE-2013-0269, and Eric Hodel of RDoc upstream for reporting CVE-2013-0256.\nUpstream acknowledges Thomas Hollstegge of Zweitag and Ben Murphy as the\noriginal reporters of CVE-2013-0269, and Evgeny Ermakov as the original\nreporter of CVE-2013-0256.\n\nUsers of Red Hat OpenShift Enterprise 1.1.3 are advised to upgrade to these\nupdated packages, which correct these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2013:0701", "url": "https://access.redhat.com/errata/RHSA-2013:0701" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "907820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907820" }, { "category": "external", "summary": "909029", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909029" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0701.json" } ], "title": "Red Hat Security Advisory: ruby193-ruby, rubygem-json and rubygem-rdoc security update", "tracking": { "current_release_date": "2024-11-05T18:04:33+00:00", "generator": { "date": "2024-11-05T18:04:33+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2013:0701", "initial_release_date": "2013-04-02T19:58:00+00:00", "revision_history": [ { "date": "2013-04-02T19:58:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2013-04-02T20:06:00+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T18:04:33+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Enterprise Infrastructure", "product": { "name": "Red Hat OpenShift Enterprise Infrastructure", "product_id": "6Server-RHOSE-INFRA", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:1::el6" } } }, { "category": "product_name", "name": "Red Hat OpenShift Enterprise Node", "product": { "name": "Red Hat OpenShift Enterprise Node", "product_id": "6Server-RHOSE-NODE", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:1::el6" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "ruby193-rubygem-json-0:1.5.4-28.el6.x86_64", "product": { "name": "ruby193-rubygem-json-0:1.5.4-28.el6.x86_64", "product_id": "ruby193-rubygem-json-0:1.5.4-28.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby193-rubygem-json@1.5.4-28.el6?arch=x86_64" } } }, { "category": "product_version", "name": "ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64", "product": { "name": "ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64", "product_id": "ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby193-ruby-libs@1.9.3.327-28.el6?arch=x86_64" } } }, { "category": "product_version", "name": "ruby193-rubygem-io-console-0:0.3-28.el6.x86_64", "product": { "name": "ruby193-rubygem-io-console-0:0.3-28.el6.x86_64", "product_id": "ruby193-rubygem-io-console-0:0.3-28.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby193-rubygem-io-console@0.3-28.el6?arch=x86_64" } } }, { "category": "product_version", "name": "ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64", "product": { "name": "ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64", "product_id": "ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby193-ruby-tcltk@1.9.3.327-28.el6?arch=x86_64" } } }, { "category": "product_version", "name": "ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64", "product": { "name": "ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64", "product_id": "ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby193-ruby-doc@1.9.3.327-28.el6?arch=x86_64" } } }, { "category": "product_version", "name": "ruby193-ruby-0:1.9.3.327-28.el6.x86_64", "product": { "name": "ruby193-ruby-0:1.9.3.327-28.el6.x86_64", "product_id": "ruby193-ruby-0:1.9.3.327-28.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby193-ruby@1.9.3.327-28.el6?arch=x86_64" } } }, { "category": "product_version", "name": "ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64", "product": { "name": "ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64", "product_id": "ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby193-rubygem-bigdecimal@1.1.0-28.el6?arch=x86_64" } } }, { "category": "product_version", "name": "ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64", "product": { "name": "ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64", "product_id": "ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby193-ruby-debuginfo@1.9.3.327-28.el6?arch=x86_64" } } }, { "category": "product_version", "name": "ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64", "product": { "name": "ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64", "product_id": "ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby193-ruby-devel@1.9.3.327-28.el6?arch=x86_64" } } }, { "category": "product_version", "name": "ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64", "product": { "name": "ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64", "product_id": "ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby193-rubygem-rdoc@3.9.4-28.el6?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64", "product": { "name": "rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64", "product_id": "rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-json-debuginfo@1.7.3-2.el6op?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-json-0:1.7.3-2.el6op.x86_64", "product": { "name": "rubygem-json-0:1.7.3-2.el6op.x86_64", "product_id": "rubygem-json-0:1.7.3-2.el6op.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-json@1.7.3-2.el6op?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "ruby193-rubygems-0:1.8.23-28.el6.noarch", "product": { "name": "ruby193-rubygems-0:1.8.23-28.el6.noarch", "product_id": "ruby193-rubygems-0:1.8.23-28.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby193-rubygems@1.8.23-28.el6?arch=noarch" } } }, { "category": "product_version", "name": "ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch", "product": { "name": "ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch", "product_id": "ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby193-ruby-irb@1.9.3.327-28.el6?arch=noarch" } } }, { "category": "product_version", "name": "ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch", "product": { "name": "ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch", "product_id": "ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby193-rubygem-minitest@2.5.1-28.el6?arch=noarch" } } }, { "category": "product_version", "name": "ruby193-rubygems-devel-0:1.8.23-28.el6.noarch", "product": { "name": "ruby193-rubygems-devel-0:1.8.23-28.el6.noarch", "product_id": "ruby193-rubygems-devel-0:1.8.23-28.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby193-rubygems-devel@1.8.23-28.el6?arch=noarch" } } }, { "category": "product_version", "name": "ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch", "product": { "name": "ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch", "product_id": "ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby193-rubygem-rake@0.9.2.2-28.el6?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-json-doc-0:1.7.3-2.el6op.noarch", "product": { "name": "rubygem-json-doc-0:1.7.3-2.el6op.noarch", "product_id": "rubygem-json-doc-0:1.7.3-2.el6op.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-json-doc@1.7.3-2.el6op?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-rdoc-0:3.8-9.el6op.noarch", "product": { "name": "rubygem-rdoc-0:3.8-9.el6op.noarch", "product_id": "rubygem-rdoc-0:3.8-9.el6op.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rdoc@3.8-9.el6op?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-rdoc-doc-0:3.8-9.el6op.noarch", "product": { "name": "rubygem-rdoc-doc-0:3.8-9.el6op.noarch", "product_id": "rubygem-rdoc-doc-0:3.8-9.el6op.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rdoc-doc@3.8-9.el6op?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "ruby193-ruby-0:1.9.3.327-28.el6.src", "product": { "name": "ruby193-ruby-0:1.9.3.327-28.el6.src", "product_id": "ruby193-ruby-0:1.9.3.327-28.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby193-ruby@1.9.3.327-28.el6?arch=src" } } }, { "category": "product_version", "name": "rubygem-json-0:1.7.3-2.el6op.src", "product": { "name": "rubygem-json-0:1.7.3-2.el6op.src", "product_id": "rubygem-json-0:1.7.3-2.el6op.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-json@1.7.3-2.el6op?arch=src" } } }, { "category": "product_version", "name": "rubygem-rdoc-0:3.8-9.el6op.src", "product": { "name": "rubygem-rdoc-0:3.8-9.el6op.src", "product_id": "rubygem-rdoc-0:3.8-9.el6op.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rdoc@3.8-9.el6op?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ruby193-ruby-0:1.9.3.327-28.el6.src as a component of Red Hat OpenShift Enterprise Infrastructure", "product_id": "6Server-RHOSE-INFRA:ruby193-ruby-0:1.9.3.327-28.el6.src" }, "product_reference": "ruby193-ruby-0:1.9.3.327-28.el6.src", "relates_to_product_reference": "6Server-RHOSE-INFRA" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-ruby-0:1.9.3.327-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure", "product_id": "6Server-RHOSE-INFRA:ruby193-ruby-0:1.9.3.327-28.el6.x86_64" }, "product_reference": "ruby193-ruby-0:1.9.3.327-28.el6.x86_64", "relates_to_product_reference": "6Server-RHOSE-INFRA" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure", "product_id": "6Server-RHOSE-INFRA:ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64" }, "product_reference": "ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64", "relates_to_product_reference": "6Server-RHOSE-INFRA" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure", "product_id": "6Server-RHOSE-INFRA:ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64" }, "product_reference": "ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64", "relates_to_product_reference": "6Server-RHOSE-INFRA" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure", "product_id": "6Server-RHOSE-INFRA:ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64" }, "product_reference": "ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64", "relates_to_product_reference": "6Server-RHOSE-INFRA" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch as a component of Red Hat OpenShift Enterprise Infrastructure", "product_id": "6Server-RHOSE-INFRA:ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch" }, "product_reference": "ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch", "relates_to_product_reference": "6Server-RHOSE-INFRA" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure", "product_id": "6Server-RHOSE-INFRA:ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64" }, "product_reference": "ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64", "relates_to_product_reference": "6Server-RHOSE-INFRA" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure", "product_id": "6Server-RHOSE-INFRA:ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64" }, "product_reference": "ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64", "relates_to_product_reference": "6Server-RHOSE-INFRA" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure", "product_id": "6Server-RHOSE-INFRA:ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64" }, "product_reference": "ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64", "relates_to_product_reference": "6Server-RHOSE-INFRA" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-rubygem-io-console-0:0.3-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure", "product_id": "6Server-RHOSE-INFRA:ruby193-rubygem-io-console-0:0.3-28.el6.x86_64" }, "product_reference": "ruby193-rubygem-io-console-0:0.3-28.el6.x86_64", "relates_to_product_reference": "6Server-RHOSE-INFRA" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-rubygem-json-0:1.5.4-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure", "product_id": "6Server-RHOSE-INFRA:ruby193-rubygem-json-0:1.5.4-28.el6.x86_64" }, "product_reference": "ruby193-rubygem-json-0:1.5.4-28.el6.x86_64", "relates_to_product_reference": "6Server-RHOSE-INFRA" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch as a component of Red Hat OpenShift Enterprise Infrastructure", "product_id": "6Server-RHOSE-INFRA:ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch" }, "product_reference": "ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch", "relates_to_product_reference": "6Server-RHOSE-INFRA" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch as a component of Red Hat OpenShift Enterprise Infrastructure", "product_id": "6Server-RHOSE-INFRA:ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch" }, "product_reference": "ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch", "relates_to_product_reference": "6Server-RHOSE-INFRA" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure", "product_id": "6Server-RHOSE-INFRA:ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64" }, "product_reference": "ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64", "relates_to_product_reference": "6Server-RHOSE-INFRA" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-rubygems-0:1.8.23-28.el6.noarch as a component of Red Hat OpenShift Enterprise Infrastructure", "product_id": "6Server-RHOSE-INFRA:ruby193-rubygems-0:1.8.23-28.el6.noarch" }, "product_reference": "ruby193-rubygems-0:1.8.23-28.el6.noarch", "relates_to_product_reference": "6Server-RHOSE-INFRA" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-rubygems-devel-0:1.8.23-28.el6.noarch as a component of Red Hat OpenShift Enterprise Infrastructure", "product_id": "6Server-RHOSE-INFRA:ruby193-rubygems-devel-0:1.8.23-28.el6.noarch" }, "product_reference": "ruby193-rubygems-devel-0:1.8.23-28.el6.noarch", "relates_to_product_reference": "6Server-RHOSE-INFRA" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-json-0:1.7.3-2.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure", "product_id": "6Server-RHOSE-INFRA:rubygem-json-0:1.7.3-2.el6op.src" }, "product_reference": "rubygem-json-0:1.7.3-2.el6op.src", "relates_to_product_reference": "6Server-RHOSE-INFRA" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-json-0:1.7.3-2.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure", "product_id": "6Server-RHOSE-INFRA:rubygem-json-0:1.7.3-2.el6op.x86_64" }, "product_reference": "rubygem-json-0:1.7.3-2.el6op.x86_64", "relates_to_product_reference": "6Server-RHOSE-INFRA" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure", "product_id": "6Server-RHOSE-INFRA:rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64" }, "product_reference": "rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64", "relates_to_product_reference": "6Server-RHOSE-INFRA" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-json-doc-0:1.7.3-2.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure", "product_id": "6Server-RHOSE-INFRA:rubygem-json-doc-0:1.7.3-2.el6op.noarch" }, "product_reference": "rubygem-json-doc-0:1.7.3-2.el6op.noarch", "relates_to_product_reference": "6Server-RHOSE-INFRA" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rdoc-0:3.8-9.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure", "product_id": "6Server-RHOSE-INFRA:rubygem-rdoc-0:3.8-9.el6op.noarch" }, "product_reference": "rubygem-rdoc-0:3.8-9.el6op.noarch", "relates_to_product_reference": "6Server-RHOSE-INFRA" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rdoc-0:3.8-9.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure", "product_id": "6Server-RHOSE-INFRA:rubygem-rdoc-0:3.8-9.el6op.src" }, "product_reference": "rubygem-rdoc-0:3.8-9.el6op.src", "relates_to_product_reference": "6Server-RHOSE-INFRA" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rdoc-doc-0:3.8-9.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure", "product_id": "6Server-RHOSE-INFRA:rubygem-rdoc-doc-0:3.8-9.el6op.noarch" }, "product_reference": "rubygem-rdoc-doc-0:3.8-9.el6op.noarch", "relates_to_product_reference": "6Server-RHOSE-INFRA" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-ruby-0:1.9.3.327-28.el6.src as a component of Red Hat OpenShift Enterprise Node", "product_id": "6Server-RHOSE-NODE:ruby193-ruby-0:1.9.3.327-28.el6.src" }, "product_reference": "ruby193-ruby-0:1.9.3.327-28.el6.src", "relates_to_product_reference": "6Server-RHOSE-NODE" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-ruby-0:1.9.3.327-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Node", "product_id": "6Server-RHOSE-NODE:ruby193-ruby-0:1.9.3.327-28.el6.x86_64" }, "product_reference": "ruby193-ruby-0:1.9.3.327-28.el6.x86_64", "relates_to_product_reference": "6Server-RHOSE-NODE" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Node", "product_id": "6Server-RHOSE-NODE:ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64" }, "product_reference": "ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64", "relates_to_product_reference": "6Server-RHOSE-NODE" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Node", "product_id": "6Server-RHOSE-NODE:ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64" }, "product_reference": "ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64", "relates_to_product_reference": "6Server-RHOSE-NODE" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Node", "product_id": "6Server-RHOSE-NODE:ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64" }, "product_reference": "ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64", "relates_to_product_reference": "6Server-RHOSE-NODE" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch as a component of Red Hat OpenShift Enterprise Node", "product_id": "6Server-RHOSE-NODE:ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch" }, "product_reference": "ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch", "relates_to_product_reference": "6Server-RHOSE-NODE" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Node", "product_id": "6Server-RHOSE-NODE:ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64" }, "product_reference": "ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64", "relates_to_product_reference": "6Server-RHOSE-NODE" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Node", "product_id": "6Server-RHOSE-NODE:ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64" }, "product_reference": "ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64", "relates_to_product_reference": "6Server-RHOSE-NODE" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Node", "product_id": "6Server-RHOSE-NODE:ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64" }, "product_reference": "ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64", "relates_to_product_reference": "6Server-RHOSE-NODE" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-rubygem-io-console-0:0.3-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Node", "product_id": "6Server-RHOSE-NODE:ruby193-rubygem-io-console-0:0.3-28.el6.x86_64" }, "product_reference": "ruby193-rubygem-io-console-0:0.3-28.el6.x86_64", "relates_to_product_reference": "6Server-RHOSE-NODE" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-rubygem-json-0:1.5.4-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Node", "product_id": "6Server-RHOSE-NODE:ruby193-rubygem-json-0:1.5.4-28.el6.x86_64" }, "product_reference": "ruby193-rubygem-json-0:1.5.4-28.el6.x86_64", "relates_to_product_reference": "6Server-RHOSE-NODE" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch as a component of Red Hat OpenShift Enterprise Node", "product_id": "6Server-RHOSE-NODE:ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch" }, "product_reference": "ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch", "relates_to_product_reference": "6Server-RHOSE-NODE" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch as a component of Red Hat OpenShift Enterprise Node", "product_id": "6Server-RHOSE-NODE:ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch" }, "product_reference": "ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch", "relates_to_product_reference": "6Server-RHOSE-NODE" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64 as a component of Red Hat OpenShift Enterprise Node", "product_id": "6Server-RHOSE-NODE:ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64" }, "product_reference": "ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64", "relates_to_product_reference": "6Server-RHOSE-NODE" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-rubygems-0:1.8.23-28.el6.noarch as a component of Red Hat OpenShift Enterprise Node", "product_id": "6Server-RHOSE-NODE:ruby193-rubygems-0:1.8.23-28.el6.noarch" }, "product_reference": "ruby193-rubygems-0:1.8.23-28.el6.noarch", "relates_to_product_reference": "6Server-RHOSE-NODE" }, { "category": "default_component_of", "full_product_name": { "name": "ruby193-rubygems-devel-0:1.8.23-28.el6.noarch as a component of Red Hat OpenShift Enterprise Node", "product_id": "6Server-RHOSE-NODE:ruby193-rubygems-devel-0:1.8.23-28.el6.noarch" }, "product_reference": "ruby193-rubygems-devel-0:1.8.23-28.el6.noarch", "relates_to_product_reference": "6Server-RHOSE-NODE" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-json-0:1.7.3-2.el6op.src as a component of Red Hat OpenShift Enterprise Node", "product_id": "6Server-RHOSE-NODE:rubygem-json-0:1.7.3-2.el6op.src" }, "product_reference": "rubygem-json-0:1.7.3-2.el6op.src", "relates_to_product_reference": "6Server-RHOSE-NODE" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-json-0:1.7.3-2.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Node", "product_id": "6Server-RHOSE-NODE:rubygem-json-0:1.7.3-2.el6op.x86_64" }, "product_reference": "rubygem-json-0:1.7.3-2.el6op.x86_64", "relates_to_product_reference": "6Server-RHOSE-NODE" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Node", "product_id": "6Server-RHOSE-NODE:rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64" }, "product_reference": "rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64", "relates_to_product_reference": "6Server-RHOSE-NODE" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-json-doc-0:1.7.3-2.el6op.noarch as a component of Red Hat OpenShift Enterprise Node", "product_id": "6Server-RHOSE-NODE:rubygem-json-doc-0:1.7.3-2.el6op.noarch" }, "product_reference": "rubygem-json-doc-0:1.7.3-2.el6op.noarch", "relates_to_product_reference": "6Server-RHOSE-NODE" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Eric Hodel" ], "organization": "RDoc upstream" }, { "names": [ "Evgeny Ermakov" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2013-0256", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2013-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "907820" } ], "notes": [ { "category": "description", "text": "darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.", "title": "Vulnerability description" }, { "category": "summary", "text": "rubygem-rdoc: Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHOSE-INFRA:ruby193-ruby-0:1.9.3.327-28.el6.src", "6Server-RHOSE-INFRA:ruby193-ruby-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch", "6Server-RHOSE-INFRA:ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygem-io-console-0:0.3-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygem-json-0:1.5.4-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch", "6Server-RHOSE-INFRA:ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch", "6Server-RHOSE-INFRA:ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygems-0:1.8.23-28.el6.noarch", "6Server-RHOSE-INFRA:ruby193-rubygems-devel-0:1.8.23-28.el6.noarch", "6Server-RHOSE-INFRA:rubygem-json-0:1.7.3-2.el6op.src", "6Server-RHOSE-INFRA:rubygem-json-0:1.7.3-2.el6op.x86_64", "6Server-RHOSE-INFRA:rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64", "6Server-RHOSE-INFRA:rubygem-json-doc-0:1.7.3-2.el6op.noarch", "6Server-RHOSE-INFRA:rubygem-rdoc-0:3.8-9.el6op.noarch", "6Server-RHOSE-INFRA:rubygem-rdoc-0:3.8-9.el6op.src", "6Server-RHOSE-INFRA:rubygem-rdoc-doc-0:3.8-9.el6op.noarch", "6Server-RHOSE-NODE:ruby193-ruby-0:1.9.3.327-28.el6.src", "6Server-RHOSE-NODE:ruby193-ruby-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch", "6Server-RHOSE-NODE:ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygem-io-console-0:0.3-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygem-json-0:1.5.4-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch", "6Server-RHOSE-NODE:ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch", "6Server-RHOSE-NODE:ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygems-0:1.8.23-28.el6.noarch", "6Server-RHOSE-NODE:ruby193-rubygems-devel-0:1.8.23-28.el6.noarch", "6Server-RHOSE-NODE:rubygem-json-0:1.7.3-2.el6op.src", "6Server-RHOSE-NODE:rubygem-json-0:1.7.3-2.el6op.x86_64", "6Server-RHOSE-NODE:rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64", "6Server-RHOSE-NODE:rubygem-json-doc-0:1.7.3-2.el6op.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0256" }, { "category": "external", "summary": "RHBZ#907820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907820" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0256", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0256" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0256", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0256" }, { "category": "external", "summary": "http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/", "url": "http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/" } ], "release_date": "2013-02-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-04-02T19:58:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "6Server-RHOSE-INFRA:ruby193-ruby-0:1.9.3.327-28.el6.src", "6Server-RHOSE-INFRA:ruby193-ruby-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch", "6Server-RHOSE-INFRA:ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygem-io-console-0:0.3-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygem-json-0:1.5.4-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch", "6Server-RHOSE-INFRA:ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch", "6Server-RHOSE-INFRA:ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygems-0:1.8.23-28.el6.noarch", "6Server-RHOSE-INFRA:ruby193-rubygems-devel-0:1.8.23-28.el6.noarch", "6Server-RHOSE-INFRA:rubygem-json-0:1.7.3-2.el6op.src", "6Server-RHOSE-INFRA:rubygem-json-0:1.7.3-2.el6op.x86_64", "6Server-RHOSE-INFRA:rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64", "6Server-RHOSE-INFRA:rubygem-json-doc-0:1.7.3-2.el6op.noarch", "6Server-RHOSE-INFRA:rubygem-rdoc-0:3.8-9.el6op.noarch", "6Server-RHOSE-INFRA:rubygem-rdoc-0:3.8-9.el6op.src", "6Server-RHOSE-INFRA:rubygem-rdoc-doc-0:3.8-9.el6op.noarch", "6Server-RHOSE-NODE:ruby193-ruby-0:1.9.3.327-28.el6.src", "6Server-RHOSE-NODE:ruby193-ruby-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch", "6Server-RHOSE-NODE:ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygem-io-console-0:0.3-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygem-json-0:1.5.4-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch", "6Server-RHOSE-NODE:ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch", "6Server-RHOSE-NODE:ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygems-0:1.8.23-28.el6.noarch", "6Server-RHOSE-NODE:ruby193-rubygems-devel-0:1.8.23-28.el6.noarch", "6Server-RHOSE-NODE:rubygem-json-0:1.7.3-2.el6op.src", "6Server-RHOSE-NODE:rubygem-json-0:1.7.3-2.el6op.x86_64", "6Server-RHOSE-NODE:rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64", "6Server-RHOSE-NODE:rubygem-json-doc-0:1.7.3-2.el6op.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0701" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "6Server-RHOSE-INFRA:ruby193-ruby-0:1.9.3.327-28.el6.src", "6Server-RHOSE-INFRA:ruby193-ruby-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch", "6Server-RHOSE-INFRA:ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygem-io-console-0:0.3-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygem-json-0:1.5.4-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch", "6Server-RHOSE-INFRA:ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch", "6Server-RHOSE-INFRA:ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygems-0:1.8.23-28.el6.noarch", "6Server-RHOSE-INFRA:ruby193-rubygems-devel-0:1.8.23-28.el6.noarch", "6Server-RHOSE-INFRA:rubygem-json-0:1.7.3-2.el6op.src", "6Server-RHOSE-INFRA:rubygem-json-0:1.7.3-2.el6op.x86_64", "6Server-RHOSE-INFRA:rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64", "6Server-RHOSE-INFRA:rubygem-json-doc-0:1.7.3-2.el6op.noarch", "6Server-RHOSE-INFRA:rubygem-rdoc-0:3.8-9.el6op.noarch", "6Server-RHOSE-INFRA:rubygem-rdoc-0:3.8-9.el6op.src", "6Server-RHOSE-INFRA:rubygem-rdoc-doc-0:3.8-9.el6op.noarch", "6Server-RHOSE-NODE:ruby193-ruby-0:1.9.3.327-28.el6.src", "6Server-RHOSE-NODE:ruby193-ruby-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch", "6Server-RHOSE-NODE:ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygem-io-console-0:0.3-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygem-json-0:1.5.4-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch", "6Server-RHOSE-NODE:ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch", "6Server-RHOSE-NODE:ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygems-0:1.8.23-28.el6.noarch", "6Server-RHOSE-NODE:ruby193-rubygems-devel-0:1.8.23-28.el6.noarch", "6Server-RHOSE-NODE:rubygem-json-0:1.7.3-2.el6op.src", "6Server-RHOSE-NODE:rubygem-json-0:1.7.3-2.el6op.x86_64", "6Server-RHOSE-NODE:rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64", "6Server-RHOSE-NODE:rubygem-json-doc-0:1.7.3-2.el6op.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "rubygem-rdoc: Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template" }, { "acknowledgments": [ { "names": [ "Ruby on Rails upstream" ] }, { "names": [ "Thomas Hollstegge" ], "organization": "Zweitag", "summary": "Acknowledged by upstream." }, { "names": [ "Ben Murphy" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2013-0269", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2013-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "909029" } ], "notes": [ { "category": "description", "text": "The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka \"Unsafe Object Creation Vulnerability.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "rubygem-json: Denial of Service and SQL Injection", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite tools ship RubyGem Json 1.4.6 which is earlier than affected 1.5.5 version however, this version of RubyGem is not affected to the flaw. We may update RubyGem in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHOSE-INFRA:ruby193-ruby-0:1.9.3.327-28.el6.src", "6Server-RHOSE-INFRA:ruby193-ruby-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch", "6Server-RHOSE-INFRA:ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygem-io-console-0:0.3-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygem-json-0:1.5.4-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch", "6Server-RHOSE-INFRA:ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch", "6Server-RHOSE-INFRA:ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygems-0:1.8.23-28.el6.noarch", "6Server-RHOSE-INFRA:ruby193-rubygems-devel-0:1.8.23-28.el6.noarch", "6Server-RHOSE-INFRA:rubygem-json-0:1.7.3-2.el6op.src", "6Server-RHOSE-INFRA:rubygem-json-0:1.7.3-2.el6op.x86_64", "6Server-RHOSE-INFRA:rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64", "6Server-RHOSE-INFRA:rubygem-json-doc-0:1.7.3-2.el6op.noarch", "6Server-RHOSE-INFRA:rubygem-rdoc-0:3.8-9.el6op.noarch", "6Server-RHOSE-INFRA:rubygem-rdoc-0:3.8-9.el6op.src", "6Server-RHOSE-INFRA:rubygem-rdoc-doc-0:3.8-9.el6op.noarch", "6Server-RHOSE-NODE:ruby193-ruby-0:1.9.3.327-28.el6.src", "6Server-RHOSE-NODE:ruby193-ruby-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch", "6Server-RHOSE-NODE:ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygem-io-console-0:0.3-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygem-json-0:1.5.4-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch", "6Server-RHOSE-NODE:ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch", "6Server-RHOSE-NODE:ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygems-0:1.8.23-28.el6.noarch", "6Server-RHOSE-NODE:ruby193-rubygems-devel-0:1.8.23-28.el6.noarch", "6Server-RHOSE-NODE:rubygem-json-0:1.7.3-2.el6op.src", "6Server-RHOSE-NODE:rubygem-json-0:1.7.3-2.el6op.x86_64", "6Server-RHOSE-NODE:rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64", "6Server-RHOSE-NODE:rubygem-json-doc-0:1.7.3-2.el6op.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0269" }, { "category": "external", "summary": "RHBZ#909029", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909029" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0269", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0269" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0269", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0269" }, { "category": "external", "summary": "http://www.ruby-lang.org/en/news/2013/02/22/json-dos-cve-2013-0269/", "url": "http://www.ruby-lang.org/en/news/2013/02/22/json-dos-cve-2013-0269/" } ], "release_date": "2013-02-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-04-02T19:58:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "6Server-RHOSE-INFRA:ruby193-ruby-0:1.9.3.327-28.el6.src", "6Server-RHOSE-INFRA:ruby193-ruby-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch", "6Server-RHOSE-INFRA:ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygem-io-console-0:0.3-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygem-json-0:1.5.4-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch", "6Server-RHOSE-INFRA:ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch", "6Server-RHOSE-INFRA:ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygems-0:1.8.23-28.el6.noarch", "6Server-RHOSE-INFRA:ruby193-rubygems-devel-0:1.8.23-28.el6.noarch", "6Server-RHOSE-INFRA:rubygem-json-0:1.7.3-2.el6op.src", "6Server-RHOSE-INFRA:rubygem-json-0:1.7.3-2.el6op.x86_64", "6Server-RHOSE-INFRA:rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64", "6Server-RHOSE-INFRA:rubygem-json-doc-0:1.7.3-2.el6op.noarch", "6Server-RHOSE-INFRA:rubygem-rdoc-0:3.8-9.el6op.noarch", "6Server-RHOSE-INFRA:rubygem-rdoc-0:3.8-9.el6op.src", "6Server-RHOSE-INFRA:rubygem-rdoc-doc-0:3.8-9.el6op.noarch", "6Server-RHOSE-NODE:ruby193-ruby-0:1.9.3.327-28.el6.src", "6Server-RHOSE-NODE:ruby193-ruby-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch", "6Server-RHOSE-NODE:ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygem-io-console-0:0.3-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygem-json-0:1.5.4-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch", "6Server-RHOSE-NODE:ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch", "6Server-RHOSE-NODE:ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygems-0:1.8.23-28.el6.noarch", "6Server-RHOSE-NODE:ruby193-rubygems-devel-0:1.8.23-28.el6.noarch", "6Server-RHOSE-NODE:rubygem-json-0:1.7.3-2.el6op.src", "6Server-RHOSE-NODE:rubygem-json-0:1.7.3-2.el6op.x86_64", "6Server-RHOSE-NODE:rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64", "6Server-RHOSE-NODE:rubygem-json-doc-0:1.7.3-2.el6op.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0701" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Server-RHOSE-INFRA:ruby193-ruby-0:1.9.3.327-28.el6.src", "6Server-RHOSE-INFRA:ruby193-ruby-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch", "6Server-RHOSE-INFRA:ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygem-io-console-0:0.3-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygem-json-0:1.5.4-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch", "6Server-RHOSE-INFRA:ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch", "6Server-RHOSE-INFRA:ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64", "6Server-RHOSE-INFRA:ruby193-rubygems-0:1.8.23-28.el6.noarch", "6Server-RHOSE-INFRA:ruby193-rubygems-devel-0:1.8.23-28.el6.noarch", "6Server-RHOSE-INFRA:rubygem-json-0:1.7.3-2.el6op.src", "6Server-RHOSE-INFRA:rubygem-json-0:1.7.3-2.el6op.x86_64", "6Server-RHOSE-INFRA:rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64", "6Server-RHOSE-INFRA:rubygem-json-doc-0:1.7.3-2.el6op.noarch", "6Server-RHOSE-INFRA:rubygem-rdoc-0:3.8-9.el6op.noarch", "6Server-RHOSE-INFRA:rubygem-rdoc-0:3.8-9.el6op.src", "6Server-RHOSE-INFRA:rubygem-rdoc-doc-0:3.8-9.el6op.noarch", "6Server-RHOSE-NODE:ruby193-ruby-0:1.9.3.327-28.el6.src", "6Server-RHOSE-NODE:ruby193-ruby-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-debuginfo-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-devel-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-doc-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-irb-0:1.9.3.327-28.el6.noarch", "6Server-RHOSE-NODE:ruby193-ruby-libs-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-ruby-tcltk-0:1.9.3.327-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygem-bigdecimal-0:1.1.0-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygem-io-console-0:0.3-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygem-json-0:1.5.4-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygem-minitest-0:2.5.1-28.el6.noarch", "6Server-RHOSE-NODE:ruby193-rubygem-rake-0:0.9.2.2-28.el6.noarch", "6Server-RHOSE-NODE:ruby193-rubygem-rdoc-0:3.9.4-28.el6.x86_64", "6Server-RHOSE-NODE:ruby193-rubygems-0:1.8.23-28.el6.noarch", "6Server-RHOSE-NODE:ruby193-rubygems-devel-0:1.8.23-28.el6.noarch", "6Server-RHOSE-NODE:rubygem-json-0:1.7.3-2.el6op.src", "6Server-RHOSE-NODE:rubygem-json-0:1.7.3-2.el6op.x86_64", "6Server-RHOSE-NODE:rubygem-json-debuginfo-0:1.7.3-2.el6op.x86_64", "6Server-RHOSE-NODE:rubygem-json-doc-0:1.7.3-2.el6op.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "rubygem-json: Denial of Service and SQL Injection" } ] }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.