Description
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.
An operating system command injection flaw was found in RDoc. Using the rdoc command to generate documentation for malicious Ruby source code could lead to execution of arbitrary commands with the privileges of the user running rdoc.
Affected packages
Platform | Package | State | Advisory | Release date |
---|---|---|---|---|
Red Hat 3scale API Management Platform 2 | system | Fix deferred | ||
Red Hat Enterprise Linux 6 | ruby | Not affected | ||
Red Hat Enterprise Linux 7 | ruby | Out of support scope | ||
Red Hat Enterprise Linux 9 | ruby | Not affected | ||
Red Hat Enterprise Linux 8 | ruby | Fixed | RHSA-2021:3020 | 05.08.2021 |
Red Hat Enterprise Linux 8 | ruby | Fixed | RHSA-2022:0543 | 16.02.2022 |
Red Hat Enterprise Linux 8 | ruby | Fixed | RHSA-2022:0672 | 24.02.2022 |
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | ruby | Fixed | RHSA-2022:0581 | 21.02.2022 |
Red Hat Enterprise Linux 8.2 Extended Update Support | ruby | Fixed | RHSA-2022:0582 | 21.02.2022 |
Red Hat Enterprise Linux 8.4 Extended Update Support | ruby | Fixed | RHSA-2022:0544 | 16.02.2022 |
Additional information
CVSS3: 7 High
Related vulnerabilities
Vulnerability in the RDoc built-in documentation generator for the Ruby programming language that allows an attacker to execute arbitrary commands