Lucene search
GoogleOSV:GHSA-GGXM-PGC9-G7FPHistorySep 01, 2021 - 6:53 p.m.
Arbitrary Code Execution in Rdoc
2021-09-0118:53:15
Google
osv.dev
13
0.001 Low
EPSS
Percentile
28.8%
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.
| CPE | Name | Operator | Version |
|---|---|---|---|
| rdoc | eq | 6.0.0 | |
| rdoc | eq | 6.0.1.1 | |
| rdoc | eq | 4.0.0.rc.2 | |
| rdoc | eq | 6.1.0.beta2 | |
| rdoc | eq | 6.1.0.beta3 | |
| rdoc | eq | 4.2.2 | |
| rdoc | eq | 6.1.1 | |
| rdoc | eq | 5.0.0.beta2 | |
| rdoc | eq | 4.0.0.rc.2.1 | |
| rdoc | eq | 4.2.0 |
References
github.com/ruby/rdoc
github.com/ruby/rdoc/commit/a7f5d6ab88632b3b482fe10611382ff73d14eed7
github.com/rubysec/ruby-advisory-db/blob/master/gems/rdoc/CVE-2021-31799.yml
lists.debian.org/debian-lts-announce/2021/10/msg00009.html
nvd.nist.gov/vuln/detail/CVE-2021-31799
security-tracker.debian.org/tracker/CVE-2021-31799
security.gentoo.org/glsa/202401-05
security.netapp.com/advisory/ntap-20210902-0004
www.oracle.com/security-alerts/cpuapr2022.html
www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc
Related
osv
osv
CVE-2021-31799
2021-07-30 14:15:16
ruby2.3 - security update
2021-10-11 00:00:00
Moderate: ruby:2.5 security update
2022-02-24 15:11:44
nessus
nessus
Amazon Linux AMI : ruby20 (ALAS-2021-1505)
2021-05-24 00:00:00
Amazon Linux 2 : ruby (ALASRUBY2.6-2023-005)
2023-09-27 00:00:00
Amazon Linux AMI : ruby24 (ALAS-2021-1506)
2021-05-24 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-07-11 15:57:38
nvd
nvd
CVE-2021-31799
2021-07-30 14:15:16
github
github
Arbitrary Code Execution in Rdoc
2021-09-01 18:53:15
hackerone
hackerone
Ruby: OS Command Injection in 'rdoc' documentation generator
2021-04-12 16:47:15
openvas
openvas
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2022-1187)
2022-02-24 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2021-2846)
2021-12-30 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2022-1144)
2022-02-13 00:00:00
redhatcve
redhatcve
CVE-2021-31799
2021-07-07 21:57:08
attackerkb
attackerkb
CVE-2021-31799
2021-07-30 00:00:00
freebsd
freebsd
RDoc -- command injection vulnerability
2021-05-02 00:00:00
Ruby -- multiple vulnerabilities
2021-07-07 00:00:00
alpinelinux
alpinelinux
CVE-2021-31799
2021-07-30 14:15:16
amazon
amazon
cvelist
cvelist
CVE-2021-31799
2021-07-29 00:00:00
prion
prion
Code injection
2021-07-30 14:15:00
debiancve
debiancve
CVE-2021-31799
2021-07-30 14:15:16
ubuntucve
ubuntucve
CVE-2021-31799
2021-07-15 00:00:00
gentoo
gentoo
RDoc: Command Injection
2024-01-05 00:00:00
cve
cve
CVE-2021-31799
2021-07-30 14:15:16
cloudfoundry
cloudfoundry
USN-5020-1: Ruby vulnerabilities | Cloud Foundry
2021-09-07 00:00:00
suse
suse
Security update for ruby2.5 (important)
2021-12-01 00:00:00
Security update for ruby2.5 (important)
2021-12-06 00:00:00
Security update for ruby2.5 (important)
2022-05-03 00:00:00
oraclelinux
oraclelinux
ruby:2.5 security update
2022-02-28 00:00:00
ruby:2.5 security update
2022-03-08 00:00:00
ruby:2.7 security update
2021-08-06 00:00:00
rocky
rocky
ruby:2.5 security update
2022-02-24 15:11:44
ruby:2.7 security update
2021-08-05 14:06:16
ruby:2.6 security update
2022-02-16 08:26:13
ubuntu
ubuntu
Ruby vulnerabilities
2021-07-21 00:00:00
almalinux
almalinux
Moderate: ruby:2.5 security update
2022-02-24 00:00:00
Important: ruby:2.7 security update
2021-08-05 14:06:16
Important: ruby:2.6 security update
2022-02-16 08:26:13
archlinux
archlinux
[ASA-202107-25] ruby2.6: multiple issues
2021-07-14 00:00:00
[ASA-202107-18] gitlab: multiple issues
2021-07-06 00:00:00
redhat
redhat
(RHSA-2022:0672) Moderate: ruby:2.5 security update
2022-02-24 15:11:44
(RHSA-2021:3559) Important: rh-ruby27-ruby security update
2021-09-20 07:32:43
(RHSA-2021:3020) Important: ruby:2.7 security update
2021-08-05 14:06:16
debian
debian
[SECURITY] [DLA 2780-1] ruby2.3 security update
2021-10-13 14:12:23
[SECURITY] [DSA 5066-1] ruby2.5 security update
2022-02-03 19:26:40
fedora
fedora
[SECURITY] Fedora 34 Update: ruby-3.0.2-149.fc34
2021-07-29 01:09:21
photon
photon
Important Photon OS Security Update - PHSA-2022-0354
2022-01-19 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0354
2022-01-22 00:00:00
mageia
mageia
Updated ruby packages fix security vulnerability
2021-12-24 00:01:45
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00