CVE-2012-6684

NameCVE-2012-6684
DescriptionCross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
ReferencesDLA-167-1, DSA-3168-1
Debian Bugs774748

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ruby-redcloth (PTS)buster, bullseye4.3.2-3fixed
bookworm, sid4.3.2-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
redclothsourcesqueeze4.2.2-1.1+deb6u1DLA-167-1
redclothsource(unstable)(unfixed)
ruby-redclothsourcewheezy4.2.9-2+deb7u2DSA-3168-1
ruby-redclothsource(unstable)4.2.9-4774748

Notes

http://co3k.org/blog/redcloth-unfixed-xss-en
Search for package or bug name: Reporting problems