RDoc OS command injection vulnerability
Published: May 02, 2021
SECURITY IDENTIFIERS
- CVE: CVE-2021-31799 (NVD)
- GHSA: GHSA-ggxm-pgc9-g7fp
- Vendor Advisory: https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/
GEM
SEVERITY
CVSS v3.x: 7.0 (High)
UNAFFECTED VERSIONS
< 3.11.0
PATCHED VERSIONS
~> 6.1.2.1
~> 6.2.1.1
>= 6.3.1
DESCRIPTION
RDoc used to call Kernel#open to open local files. Kernel#open treats a path that begins with | as a command to run, so if a Ruby project contains a file whose name starts with | and ends with tags, the command following the pipe character is executed. A malicious Ruby project could exploit this to run arbitrary commands against a user who runs the rdoc command on it.
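An added defender-side example, not part of this advisory or of RDoc's own code: it reads files with File.open, which never interprets a leading | as a command, and scans a checkout for pipe-prefixed file names before rdoc is run on it. The project layout and file names below are constructed for the demo.

```ruby
require "tmpdir"
require "fileutils"

# Hardened read: File.open treats the argument strictly as a path.
# Kernel#open, which RDoc used before the fix, would instead spawn the
# command named after a leading "|".
def read_source_file(path)
  File.open(path, "r:UTF-8", &:read)
end

# Pre-flight check for an untrusted checkout: list every regular file whose
# basename begins with "|", the trigger described in the advisory.
# Paths are returned relative to the project root, sorted.
def pipe_named_files(root)
  Dir.glob(File.join(root, "**", "*"))
     .select { |p| File.file?(p) && File.basename(p).start_with?("|") }
     .map { |p| p.delete_prefix(root + File::SEPARATOR) }
     .sort
end

# Constructed demo project: one ordinary source file and one file whose
# name starts with "|". The name is only a string here; nothing is executed.
def demo
  Dir.mktmpdir("rdoc-check") do |root|
    FileUtils.mkdir_p(File.join(root, "lib"))
    File.write(File.join(root, "lib", "foo.rb"), "class Foo; end\n")
    odd = File.join(root, "|constructed-name.tags")
    File.write(odd, "just bytes\n")
    {
      flagged: pipe_named_files(root),   # => ["|constructed-name.tags"]
      content: read_source_file(odd)     # => "just bytes\n", read literally
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  result = demo
  puts "flagged: #{result[:flagged].inspect}"
  puts "content: #{result[:content].inspect}"
end
```

Refusing to run rdoc when pipe_named_files returns anything gives a cheap guard on hosts that cannot yet move to a patched version.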
