In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.
References
Link | Resource |
---|---|
https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html | Third Party Advisory |
https://security-tracker.debian.org/tracker/CVE-2021-31799 | Third Party Advisory |
https://security.gentoo.org/glsa/202401-05 | |
https://security.netapp.com/advisory/ntap-20210902-0004/ | Third Party Advisory |
https://www.oracle.com/security-alerts/cpuapr2022.html | Patch Third Party Advisory |
https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/ | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-07-29T00:00:00
Updated: 2024-01-05T14:06:20.190720
Reserved: 2021-04-25T00:00:00
Link: CVE-2021-31799
JSON object: View
NVD Information
Status : Modified
Published: 2021-07-30T14:15:16.620
Modified: 2024-01-05T14:15:46.040
Link: CVE-2021-31799
JSON object: View
Redhat Information
No data.
CWE