ADVISORIES
GEM
SEVERITY
CVSS v3.x: 7.0 (High)
PATCHED VERSIONS
- ~> 6.1.2.1
- ~> 6.2.1.1
- >= 6.3.1
DESCRIPTION
RDoc used to call Kernel#open to open a local file. If a Ruby project has
a file whose name starts with | and ends with tags, the command following
the pipe character is executed. A malicious Ruby project could exploit it to
run an arbitrary command execution against a user who attempts to run rdoc
command.