Lucene search
K

215 matches found

UbuntuCve
UbuntuCve
added 2024/05/14 3:11 p.m.46 views

CVE-2024-27281

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...

4.5CVSS7.4AI score0.01571EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2024/05/14 7:0 a.m.4 views

An issue was discovered in RDoc 6.3.3 through 6.6.2 as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. (When loading the documentation cache object injection and resultant remote code execution are also possible if there were a crafted cache.) The main fixed version is 6.6.3.1. For Ruby 3.0 users a fixed version is rdoc 6.3.4.1. For Ruby 3.1 users a fixed version is rdoc 6.4.1.1. For Ruby 3.2 users a fixed version is rdoc 6.5.1.1.

...

4.5CVSS9.3AI score0.01571EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.18 views

RHEL 7 : rubygem-rdoc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rubygem-rdoc: Command injection vulnerability in RDoc CVE-2021-31799 Note that Nessus has not tested for this issue...

7.5AI score0.0148EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/08 8:56 p.m.30 views

CVE-2024-27281

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...

7.6AI score0.01571EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/08 8:56 p.m.16 views

CVE-2024-27281

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...

8AI score0.01571EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2024/05/08 8:56 p.m.20 views

CVE-2024-27281

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...

4.5CVSS7.5AI score0.01571EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/05/08 8:56 p.m.26 views

CVE-2024-27281

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...

4.5CVSS8AI score0.01571EPSS
Exploits0
Slackware Linux
Slackware Linux
added 2024/04/23 10:33 p.m.48 views

[slackware-security] ruby

New ruby packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/ruby-3.0.7-i586-1slack15.0.txz: Upgraded. This update fixes security issues: Arbitrary memory address read vulnerability with Regex...

9.8CVSS6.5AI score0.02364EPSS
Exploits0
Oracle linux
Oracle linux
added 2024/04/02 12:0 a.m.38 views

ruby:3.1 security, bug fix, and enhancement update

ruby 3.1.4-143 - Upgrade to Ruby 3.1.4. Resolves: RHEL-5586 - Fix HTTP response splitting in CGI. Resolves: RHEL-5591 - Fix ReDos vulnerability in URI. Resolves: RHEL-28919 Resolves: RHEL-5612 - Fix ReDos vulnerability in Time. Resolves: RHEL-28920 - Make RDoc soft dependency in IRB. Resolves:...

8.8CVSS7.3AI score0.02637EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2024/04/02 12:0 a.m.6 views

The vulnerability in the built-in RDoc documentation generator for the Ruby programming language relates to the possibility of restoring unreliable data in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the built-in RDoc documentation generator for the Ruby programming language relates to the restoration of unreliable data in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using specially crafted .rdocoptions files...

4.5CVSS7AI score0.01571EPSS
Exploits0References9Affected Software5
Veracode
Veracode
added 2024/03/28 10:48 a.m.24 views

Remote Code Execution

rdoc is vulnerable to Remote Code Execution. The vulnerability is due to unrestricted class restoration when parsing .rdocoptions as a YAML file, allowing for object injection and code injection...

4.5CVSS7.7AI score0.01571EPSS
Exploits0
Hacker One
Hacker One
added 2024/03/27 11:54 p.m.93 views

Internet Bug Bounty: CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc

A remote code execution vulnerability was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. The vulnerability was caused by the lack of restrictions on the classes that could be restored when parsing .rdocoptions as a YAML file. Additionally, object injection and...

4.5CVSS7.9AI score0.01571EPSS
Exploits0
Rockylinux
Rockylinux
added 2024/03/27 4:34 a.m.42 views

ruby:3.1 security, bug fix, and enhancement update

An update is available for module.rubygem-abrt, rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-abrt, module.ruby, rubygem-pg. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

8.8CVSS7.2AI score0.02637EPSS
Exploits1
OSV
OSV
added 2024/03/25 7:36 p.m.25 views

GHSA-592J-995H-P23J RDoc RCE vulnerability with .rdoc_options

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...

4.5CVSS8.2AI score0.01571EPSS
Exploits0References16
Github Security Blog
Github Security Blog
added 2024/03/25 7:36 p.m.56 views

RDoc RCE vulnerability with .rdoc_options

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...

4.5CVSS8.1AI score0.01571EPSS
Exploits0References16Affected Software1
SUSE CVE
SUSE CVE
added 2024/03/23 3:34 a.m.1 views

SUSE CVE-2024-27281

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...

4.5CVSS7.8AI score0.01571EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2024/03/21 6:29 p.m.56 views

CVE-2024-27281

A flaw was found in Rubygem RDoc. When parsing .rdocoptions used for configuration in RDoc as a YAML file there are no restrictions on the classes that can be restored. This issue may lead to object injection, resulting in remote code execution. Mitigation Mitigation for this issue is either not...

4.5CVSS7.4AI score0.01571EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/03/21 12:0 a.m.2 views

RDoc 安全漏洞

RDoc is a Ruby documentation system open-sourced by The Ruby Programming Language. A security vulnerability exists in RDoc versions 6.3.3 through 6.6.2, which stems from the lack of any restriction on classes that can be recovered when .rdocoptions is parsed as a YAML file, allowing an attacker t...

4.5CVSS7.4AI score0.01571EPSS
Exploits0References5
RubySec
RubySec
added 2024/03/21 12:0 a.m.28 views

RCE vulnerability with .rdoc_options in RDoc

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...

4.5CVSS8.3AI score0.01571EPSS
Exploits0References1Affected Software1
Oracle linux
Oracle linux
added 2024/03/20 12:0 a.m.48 views

ruby:3.1 security, bug fix, and enhancement update

ruby 3.1.4-142 - Upgrade to Ruby 3.1.4. Resolves: RHEL-28565 - Fix HTTP response splitting in CGI. Resolves: RHEL-28564 - Fix ReDos vulnerability in URI. Resolves: RHEL-28567 Resolves: RHEL-28576 - Fix ReDos vulnerability in Time. Resolves: RHEL-28566 - Make RDoc soft dependency in IRB. Resolves:...

8.8CVSS7.3AI score0.02637EPSS
Exploits1
Rows per page
Query Builder