Lucene search
AmazonALAS-2024-2634HistorySep 12, 2024 - 6:30 p.m.
Medium: ruby
2024-09-1218:30:00
alas.aws.amazon.com
rce vulnerability
ruby
.rdoc_options
cve-2024-27281
yum update
CVSS3
4.5
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
AI Score
7
Confidence
Low
Issue Overview:
ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281)
Affected Packages:
ruby
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update ruby to update your system.
New Packages:
aarch64:
ruby-2.0.0.648-36.amzn2.0.11.aarch64
ruby-devel-2.0.0.648-36.amzn2.0.11.aarch64
ruby-libs-2.0.0.648-36.amzn2.0.11.aarch64
rubygem-bigdecimal-1.2.0-36.amzn2.0.11.aarch64
rubygem-io-console-0.4.2-36.amzn2.0.11.aarch64
rubygem-json-1.7.7-36.amzn2.0.11.aarch64
rubygem-psych-2.0.0-36.amzn2.0.11.aarch64
ruby-tcltk-2.0.0.648-36.amzn2.0.11.aarch64
ruby-debuginfo-2.0.0.648-36.amzn2.0.11.aarch64
i686:
ruby-2.0.0.648-36.amzn2.0.11.i686
ruby-devel-2.0.0.648-36.amzn2.0.11.i686
ruby-libs-2.0.0.648-36.amzn2.0.11.i686
rubygem-bigdecimal-1.2.0-36.amzn2.0.11.i686
rubygem-io-console-0.4.2-36.amzn2.0.11.i686
rubygem-json-1.7.7-36.amzn2.0.11.i686
rubygem-psych-2.0.0-36.amzn2.0.11.i686
ruby-tcltk-2.0.0.648-36.amzn2.0.11.i686
ruby-debuginfo-2.0.0.648-36.amzn2.0.11.i686
noarch:
rubygems-2.0.14.1-36.amzn2.0.11.noarch
rubygems-devel-2.0.14.1-36.amzn2.0.11.noarch
rubygem-rake-0.9.6-36.amzn2.0.11.noarch
ruby-irb-2.0.0.648-36.amzn2.0.11.noarch
rubygem-rdoc-4.0.0-36.amzn2.0.11.noarch
ruby-doc-2.0.0.648-36.amzn2.0.11.noarch
rubygem-minitest-4.3.2-36.amzn2.0.11.noarch
src:
ruby-2.0.0.648-36.amzn2.0.11.src
x86_64:
ruby-2.0.0.648-36.amzn2.0.11.x86_64
ruby-devel-2.0.0.648-36.amzn2.0.11.x86_64
ruby-libs-2.0.0.648-36.amzn2.0.11.x86_64
rubygem-bigdecimal-1.2.0-36.amzn2.0.11.x86_64
rubygem-io-console-0.4.2-36.amzn2.0.11.x86_64
rubygem-json-1.7.7-36.amzn2.0.11.x86_64
rubygem-psych-2.0.0-36.amzn2.0.11.x86_64
ruby-tcltk-2.0.0.648-36.amzn2.0.11.x86_64
ruby-debuginfo-2.0.0.648-36.amzn2.0.11.x86_64
Additional References
Red Hat: CVE-2024-27281
Mitre: CVE-2024-27281
Related
ubuntucve
ubuntucve
CVE-2024-27281
2024-05-14 00:00:00
osv
osv
CGA-hr6r-398j-373c
2024-06-12 20:04:07
CGA-r396-55q6-m5q5
2024-06-06 12:29:13
CGA-9375-qwvv-6hqp
2024-07-10 20:04:47
nessus
nessus
CBL Mariner 2.0 Security Update: ruby (CVE-2024-27281)
2024-08-21 00:00:00
Amazon Linux 2 : ruby (ALAS-2024-2634)
2024-09-18 00:00:00
Amazon Linux 2 : ruby (ALASRUBY3.0-2024-008)
2024-06-24 00:00:00
debiancve
debiancve
CVE-2024-27281
2024-05-14 15:11:57
hackerone
hackerone
Ruby: RCE by parsing `.rdoc_options` in RDoc
2021-05-07 04:58:55
github
github
RDoc RCE vulnerability with .rdoc_options
2024-03-25 19:36:59
cbl_mariner
cbl_mariner
CVE-2024-27281 affecting package ruby for versions less than 3.1.4-4
2024-04-17 01:35:34
CVE-2024-27281 affecting package ruby for versions less than 3.3.3-1
2024-08-25 15:13:42
cgr
cgr
CVE-2024-27281 vulnerabilities
2024-05-19 03:07:16
vulnrichment
vulnrichment
CVE-2024-27281
1976-01-01 00:00:00
nvd
nvd
CVE-2024-27281
2024-05-14 15:11:57
redhatcve
redhatcve
CVE-2024-27281
2024-03-21 18:29:23
cve
cve
CVE-2024-27281
2024-05-14 15:11:57
veracode
veracode
Remote Code Execution
2024-03-28 10:48:53
rubygems
rubygems
RCE vulnerability with .rdoc_options in RDoc
2024-03-20 21:00:00
gentoo
gentoo
RDoc: Remote Code Execution
2024-06-22 00:00:00
alpinelinux
alpinelinux
CVE-2024-27281
2024-05-14 15:11:57
cvelist
cvelist
CVE-2024-27281
1976-01-01 00:00:00
wolfi
wolfi
CVE-2024-27281 vulnerabilities
2024-09-20 21:14:10
openvas
openvas
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-1921)
2024-07-16 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-1897)
2024-07-16 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-2199)
2024-08-20 00:00:00
cloudfoundry
cloudfoundry
USN-6838-1: Ruby vulnerabilities | Cloud Foundry
2024-07-25 00:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2024-06-17 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2024-5.0-0236
2024-04-01 00:00:00
almalinux
almalinux
Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-06-03 00:00:00
Moderate: ruby:3.3 security, bug fix, and enhancement update
2024-06-06 00:00:00
Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-06-06 00:00:00
rocky
rocky
ruby:3.3 security, bug fix, and enhancement update
2024-06-14 13:59:30
ruby:3.1 security, bug fix, and enhancement update
2024-06-14 14:00:40
ruby:3.3 security, bug fix, and enhancement update
2024-06-14 14:00:40
redhat
redhat
mageia
mageia
Updated ruby packages fix security vulnerabilities
2024-05-09 05:40:29
fedora
fedora
[SECURITY] Fedora 40 Update: ruby-3.3.1-7.fc40
2024-05-03 01:46:00
[SECURITY] Fedora 39 Update: ruby-3.2.4-182.fc39
2024-05-04 01:33:23
[SECURITY] Fedora 38 Update: ruby-3.2.4-182.fc38
2024-05-04 02:20:05
oraclelinux
oraclelinux
ruby:3.1 security, bug fix, and enhancement update
2024-06-06 00:00:00
ruby:3.3 security, bug fix, and enhancement update
2024-06-06 00:00:00
ruby:3.1 security, bug fix, and enhancement update
2024-06-03 00:00:00
debian
debian
[SECURITY] [DSA 5677-1] ruby3.1 security update
2024-05-03 19:47:30
[SECURITY] [DLA 3858-1] ruby2.7 security update
2024-09-02 12:46:22
slackware
slackware
[slackware-security] ruby
2024-04-23 22:33:22
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
2024-06-26 16:06:34
CVSS3
4.5
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
AI Score
7
Confidence
Low
Related for ALAS-2024-2634