CVE-2015-9251: Cross-site Scripting

January 18, 2018 (updated June 10, 2019)

The jQuery library, which is included in rdoc, is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

References

www.ruby-lang.org/en/news/2019/08/28/multiple-jquery-vulnerabilities-in-rdoc/

Code Behaviors & Features

Detect and mitigate CVE-2015-9251 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →