Количество 20
Количество 20
CVE-2024-27281
An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. (When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.) The main fixed version is 6.6.3.1. For Ruby 3.0 users, a fixed version is rdoc 6.3.4.1. For Ruby 3.1 users, a fixed version is rdoc 6.4.1.1. For Ruby 3.2 users, a fixed version is rdoc 6.5.1.1.
CVE-2024-27281
An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. (When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.) The main fixed version is 6.6.3.1. For Ruby 3.0 users, a fixed version is rdoc 6.3.4.1. For Ruby 3.1 users, a fixed version is rdoc 6.4.1.1. For Ruby 3.2 users, a fixed version is rdoc 6.5.1.1.
CVE-2024-27281
An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. (When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.) The main fixed version is 6.6.3.1. For Ruby 3.0 users, a fixed version is rdoc 6.3.4.1. For Ruby 3.1 users, a fixed version is rdoc 6.4.1.1. For Ruby 3.2 users, a fixed version is rdoc 6.5.1.1.
CVE-2024-27281
CVE-2024-27281
An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in ...
GHSA-592j-995h-p23j
RDoc RCE vulnerability with .rdoc_options
BDU:2024-02457
Уязвимость встроенного генератора документации RDoc для языка программирования Ruby, связанная с восстановлением в памяти недостоверных данных, позволяющая нарушителю выполнить произвольный код
RLSA-2024:3671
Moderate: ruby:3.3 security, bug fix, and enhancement update
RLSA-2024:3670
Moderate: ruby:3.3 security, bug fix, and enhancement update
RLSA-2024:3668
Moderate: ruby:3.1 security, bug fix, and enhancement update
RLSA-2024:3546
Moderate: ruby:3.1 security, bug fix, and enhancement update
ELSA-2024-3671
ELSA-2024-3671: ruby:3.3 security, bug fix, and enhancement update (MODERATE)
ELSA-2024-3670
ELSA-2024-3670: ruby:3.3 security, bug fix, and enhancement update (MODERATE)
ELSA-2024-3668
ELSA-2024-3668: ruby:3.1 security, bug fix, and enhancement update (MODERATE)
ELSA-2024-3546
ELSA-2024-3546: ruby:3.1 security, bug fix, and enhancement update (MODERATE)
RLSA-2024:4499
Moderate: ruby security update
ELSA-2024-4499
ELSA-2024-4499: ruby security update (MODERATE)
RLSA-2024:3500
Moderate: ruby:3.0 security update
ELSA-2024-3838
ELSA-2024-3838: ruby security update (MODERATE)
ELSA-2024-3500
ELSA-2024-3500: ruby:3.0 security update (MODERATE)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-27281 An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. (When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.) The main fixed version is 6.6.3.1. For Ruby 3.0 users, a fixed version is rdoc 6.3.4.1. For Ruby 3.1 users, a fixed version is rdoc 6.4.1.1. For Ruby 3.2 users, a fixed version is rdoc 6.5.1.1. | CVSS3: 4.5 | 2% Низкий | больше 1 года назад |
 | CVE-2024-27281 An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. (When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.) The main fixed version is 6.6.3.1. For Ruby 3.0 users, a fixed version is rdoc 6.3.4.1. For Ruby 3.1 users, a fixed version is rdoc 6.4.1.1. For Ruby 3.2 users, a fixed version is rdoc 6.5.1.1. | CVSS3: 4.5 | 2% Низкий | больше 1 года назад |
 | CVE-2024-27281 An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. (When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.) The main fixed version is 6.6.3.1. For Ruby 3.0 users, a fixed version is rdoc 6.3.4.1. For Ruby 3.1 users, a fixed version is rdoc 6.4.1.1. For Ruby 3.2 users, a fixed version is rdoc 6.5.1.1. | CVSS3: 4.5 | 2% Низкий | больше 1 года назад |
 | CVSS3: 4.5 | 2% Низкий | больше 1 года назад | |
| CVE-2024-27281 An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in ... | CVSS3: 4.5 | 2% Низкий | больше 1 года назад |
| GHSA-592j-995h-p23j RDoc RCE vulnerability with .rdoc_options | CVSS3: 4.5 | 2% Низкий | больше 1 года назад |
 | BDU:2024-02457 Уязвимость встроенного генератора документации RDoc для языка программирования Ruby, связанная с восстановлением в памяти недостоверных данных, позволяющая нарушителю выполнить произвольный код | CVSS3: 4.5 | 2% Низкий | больше 1 года назад |
 | RLSA-2024:3671 Moderate: ruby:3.3 security, bug fix, and enhancement update | больше 1 года назад | ||
| RLSA-2024:3670 Moderate: ruby:3.3 security, bug fix, and enhancement update | больше 1 года назад | ||
| RLSA-2024:3668 Moderate: ruby:3.1 security, bug fix, and enhancement update | больше 1 года назад | ||
| RLSA-2024:3546 Moderate: ruby:3.1 security, bug fix, and enhancement update | больше 1 года назад | ||
| ELSA-2024-3671 ELSA-2024-3671: ruby:3.3 security, bug fix, and enhancement update (MODERATE) | больше 1 года назад | ||
| ELSA-2024-3670 ELSA-2024-3670: ruby:3.3 security, bug fix, and enhancement update (MODERATE) | больше 1 года назад | ||
| ELSA-2024-3668 ELSA-2024-3668: ruby:3.1 security, bug fix, and enhancement update (MODERATE) | больше 1 года назад | ||
| ELSA-2024-3546 ELSA-2024-3546: ruby:3.1 security, bug fix, and enhancement update (MODERATE) | больше 1 года назад | ||
| RLSA-2024:4499 Moderate: ruby security update | больше 1 года назад | ||
| ELSA-2024-4499 ELSA-2024-4499: ruby security update (MODERATE) | больше 1 года назад | ||
| RLSA-2024:3500 Moderate: ruby:3.0 security update | 7 месяцев назад | ||
| ELSA-2024-3838 ELSA-2024-3838: ruby security update (MODERATE) | больше 1 года назад | ||
| ELSA-2024-3500 ELSA-2024-3500: ruby:3.0 security update (MODERATE) | больше 1 года назад |
Уязвимостей на страницу