CVE-2021-31799

Severity: Medium

Remote: Yes

Type: Arbitrary command execution

Description

RDoc before version 6.3.1 called Kernel#open to open local files. Kernel#open treats a path that begins with "|" as a shell command, so if a Ruby project contains a file whose name starts with "|" and ends with "tags", the command after the pipe character is executed when RDoc opens it. A malicious Ruby project could use this to execute arbitrary commands on the machine of any user who runs the rdoc command against it.
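To make the mechanism concrete, here is an added example (not code from RDoc or from this advisory) contrasting the vulnerable Kernel#open pattern with the File.open form that the fix relies on, plus a small check for the pipe prefix; the project layout, file names and helper names are constructed for the demonstration.

```ruby
require "tmpdir"

# Vulnerable pattern (what RDoc < 6.3.1 did): Kernel#open treats a path that
# starts with "|" as a shell command and returns the command's output instead
# of file contents. Kept here for contrast only; it is never called below.
def read_tags_unsafe(path)
  open(path) { |f| f.read }
end

# Hardened pattern: File.open never interprets a leading "|", so a file that is
# literally named "|echo ... tags" is opened as an ordinary file (or raises
# Errno::ENOENT if it does not exist). Nothing is ever executed.
def read_tags_safe(path)
  File.open(path, "r") { |f| f.read }
end

# Defensive check for any code that must keep a Kernel#open call site: a name
# that would be parsed as a command pipe is flagged before it is opened.
def pipe_name?(path)
  path.to_s.start_with?("|")
end

# Simulates a tool scanning a checked-out project: enumerate every "*tags"
# file, flag pipe-prefixed names, and read each one safely.
def collect_tags(project_dir)
  Dir.glob(File.join(project_dir, "*tags")).sort.map do |path|
    name = File.basename(path)
    [name, pipe_name?(name), read_tags_safe(path)]
  end
end

# Constructed demo project: one benign "tags" file and one file whose name
# would have been run as a shell command by the vulnerable code path.
def demo
  Dir.mktmpdir do |dir|
    File.write(File.join(dir, "tags"), "benign\n")
    File.write(File.join(dir, "|echo injected tags"), "just a file\n")
    collect_tags(dir)
  end
end
```

Running `demo` shows the pipe-named file being flagged and read as plain data; with the vulnerable `read_tags_unsafe`, the same name would have been handed to the shell.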

Group     Package        Affected     Severity  Status
AVG-1906  jruby          9.2.17.0-1   Medium    Vulnerable
AVG-1905  gitlab-gitaly  13.10.0-2    Medium    Vulnerable
AVG-1904  gitlab         13.10.4-1    Medium    Vulnerable
AVG-1903  ruby2.6        2.6.7-1      Medium    Vulnerable
AVG-1902  ruby2.7        2.7.3-1      Medium    Vulnerable
AVG-1901  ruby-rdoc      6.3.0-3      Medium    Vulnerable

https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/
https://my.diffend.io/gems/rdoc/6.3.0/6.3.1/page/3#d2h-455330