Количество 28
Количество 28
CVE-2024-27281
An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. (When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.) The main fixed version is 6.6.3.1. For Ruby 3.0 users, a fixed version is rdoc 6.3.4.1. For Ruby 3.1 users, a fixed version is rdoc 6.4.1.1. For Ruby 3.2 users, a fixed version is rdoc 6.5.1.1.
CVE-2024-27281
An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. (When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.) The main fixed version is 6.6.3.1. For Ruby 3.0 users, a fixed version is rdoc 6.3.4.1. For Ruby 3.1 users, a fixed version is rdoc 6.4.1.1. For Ruby 3.2 users, a fixed version is rdoc 6.5.1.1.
CVE-2024-27281
CVE-2024-27281
An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in ...
GHSA-63cq-cj6g-qfr2
An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1.
GHSA-592j-995h-p23j
RDoc RCE vulnerability with .rdoc_options
BDU:2024-03599
Уязвимость интерпретатора языка программирования Ruby, связанная с переполнением буфера в куче, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
BDU:2024-02457
Уязвимость встроенного генератора документации RDoc для языка программирования Ruby, связанная с восстановлением в памяти недостоверных данных, позволяющая нарушителю выполнить произвольный код
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-27281 An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. (When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.) The main fixed version is 6.6.3.1. For Ruby 3.0 users, a fixed version is rdoc 6.3.4.1. For Ruby 3.1 users, a fixed version is rdoc 6.4.1.1. For Ruby 3.2 users, a fixed version is rdoc 6.5.1.1. | CVSS3: 4.5 | 3% Низкий | около 1 года назад |
 | CVE-2024-27281 An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. (When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.) The main fixed version is 6.6.3.1. For Ruby 3.0 users, a fixed version is rdoc 6.3.4.1. For Ruby 3.1 users, a fixed version is rdoc 6.4.1.1. For Ruby 3.2 users, a fixed version is rdoc 6.5.1.1. | CVSS3: 4.5 | 3% Низкий | около 1 года назад |
 | CVSS3: 4.5 | 3% Низкий | около 1 года назад | |
| CVE-2024-27281 An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in ... | CVSS3: 4.5 | 3% Низкий | около 1 года назад |
| GHSA-63cq-cj6g-qfr2 An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1. | CVSS3: 6.6 | 0% Низкий | около 1 года назад |
| GHSA-592j-995h-p23j RDoc RCE vulnerability with .rdoc_options | CVSS3: 4.5 | 3% Низкий | около 1 года назад |
 | BDU:2024-03599 Уязвимость интерпретатора языка программирования Ruby, связанная с переполнением буфера в куче, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации | CVSS3: 6.6 | 0% Низкий | около 1 года назад |
| BDU:2024-02457 Уязвимость встроенного генератора документации RDoc для языка программирования Ruby, связанная с восстановлением в памяти недостоверных данных, позволяющая нарушителю выполнить произвольный код | CVSS3: 4.5 | 3% Низкий | больше 1 года назад |
Уязвимостей на страницу