CVE-2012-6684

NameCVE-2012-6684
DescriptionCross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-167-1, DSA-3168-1
Debian Bugs774748

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ruby-redcloth (PTS)buster, bullseye4.3.2-3fixed
buster (security)4.3.2-3+deb10u1fixed
bookworm4.3.2-4fixed
sid, trixie4.3.3-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
redclothsourcesqueeze4.2.2-1.1+deb6u1DLA-167-1
redclothsource(unstable)(unfixed)
ruby-redclothsourcewheezy4.2.9-2+deb7u2DSA-3168-1
ruby-redclothsource(unstable)4.2.9-4774748

Notes

http://co3k.org/blog/redcloth-unfixed-xss-en

Search for package or bug name: Reporting problems