CVE-2021-31799

Опубликовано: 30 июл. 2021

Источник: debian

EPSS Низкий

Описание

In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.

Пакет	Статус	Версия исправления	Тип
ruby2.7	fixed	2.7.4-1	package
ruby2.5	removed		package
ruby2.3	removed		package

Introduced in (rdoc): https://github.com/ruby/rdoc/commit/4a8b7bed7cd5647db92c620bc6f33e4c309d2212 (v3.11)
Fixed in (rdoc): https://github.com/ruby/rdoc/commit/a7f5d6ab88632b3b482fe10611382ff73d14eed7 (v6.3.1)
https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/
https://github.com/ruby/ruby/commit/b1c73f239fe9af97de837331849f55d67c27561e (master)
https://github.com/ruby/ruby/commit/483f303d02e768b69e476e0b9be4ab2f26389522 (2.7)

EPSS

Процентиль: 70%

0.00645

Низкий

CVE-2021-31799

CVSS3: 7

ubuntu

почти 4 года назад

In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.

CVE-2021-31799

CVSS3: 7

redhat

около 4 лет назад

In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.

CVE-2021-31799

CVSS3: 7

nvd

почти 4 года назад

In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.

GHSA-ggxm-pgc9-g7fp

CVSS3: 7

github

почти 4 года назад

Arbitrary Code Execution in Rdoc

BDU:2021-05398

CVSS3: 7

fstec

около 4 лет назад

Уязвимость встроенного генератора документации RDoc для языка программирования Ruby, позволяющая нарушителю выполнить произвольные команды

EPSS

Процентиль: 70%

0.00645

Низкий