AI Score: 7.7 High (Confidence: Low)
A flaw was found in Rubygem RDoc. When .rdoc_options, the file used for configuration in RDoc, is parsed as a YAML file, there are no restrictions on the classes that can be restored. This issue may lead to object injection, resulting in remote code execution.
bugzilla.redhat.com/show_bug.cgi?id=2270749
nvd.nist.gov/vuln/detail/CVE-2024-27281
www.cve.org/CVERecord?id=CVE-2024-27281
www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/
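
The Ruby sketch below is an added example, not RDoc's code and not taken from the advisory. It uses Psych directly to show the difference the description refers to: an unrestricted load restores any tagged class, while an allowlisted load rejects it. `Demo::Marker`, the sample document and the function names are constructed for this illustration.

```ruby
require "yaml"

# Constructed stand-in for "any class reachable in the process"; it is benign
# and only shows that the YAML loader instantiated it.
module Demo
  class Marker
    attr_reader :note
  end
end

# Constructed sample input: an options-style YAML document whose second key
# carries a tag asking the loader to build a Demo::Marker object.
SAMPLE = <<~YAML
  title: Example docs
  markup: !ruby/object:Demo::Marker
    note: built by the loader
YAML

# Unrestricted load: every tagged class named in the document is restored.
def load_unrestricted(text)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(text) : YAML.load(text)
end

# Restricted load: plain YAML types plus an explicit allowlist, no aliases.
# Returns [:ok, data] or [:rejected, message].
def load_restricted(text, permitted = [Symbol])
  [:ok, YAML.safe_load(text, permitted_classes: permitted, aliases: false)]
rescue Psych::DisallowedClass, Psych::BadAlias => e
  [:rejected, e.message]
end

# Audit without instantiating anything: walk the parse tree and list the
# explicit tags, so a reviewer can see which classes a file asks for.
def explicit_tags(text)
  Psych.parse_stream(text).each
       .select { |node| node.respond_to?(:tag) && node.tag }
       .map(&:tag).uniq
end

if $PROGRAM_NAME == __FILE__
  p load_unrestricted(SAMPLE)["markup"].class
  p load_restricted(SAMPLE)
  p explicit_tags(SAMPLE)
end
```

Running `explicit_tags` over the .rdoc_options files in a source tree or unpacked gem gives a quick review list before any documentation tooling touches them.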