Showing 1 - 3 of 3

CVE-2024-27281

Status Candidate

Overview

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. (When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.) The main fixed version is 6.6.3.1. For Ruby 3.0 users, a fixed version is rdoc 6.3.4.1. For Ruby 3.1 users, a fixed version is rdoc 6.4.1.1. For Ruby 3.2 users, a fixed version is rdoc 6.5.1.1.

Related Files

Gentoo Linux Security Advisory 202406-03: Posted Jun 24, 2024; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202406-3 - A vulnerability has been discovered in RDoc, which can lead to execution of arbitrary code. Versions greater than or equal to 6.6.3.1 are affected.; tags | advisory, arbitrary; systems | linux, gentoo; advisories | CVE-2024-27281; SHA-256 | 18693c2f431f2f97001cda25531c548b88f23d78ab069590b1438c6536b464cf; Download | Favorite | View

Ubuntu Security Notice USN-6838-1: Posted Jun 17, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6838-1 - It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If a user or automated system were tricked into parsing a specially crafted .rdoc_options file, a remote attacker could possibly use this issue to execute arbitrary code. It was discovered that the Ruby regex compiler incorrectly handled certain memory operations. A remote attacker could possibly use this issue to obtain sensitive memory contents.; tags | advisory, remote, arbitrary, ruby; systems | linux, ubuntu; advisories | CVE-2024-27281, CVE-2024-27282; SHA-256 | 120b5d48766d2e4145ff11d42e77720c22fbb0e8c31ac33a57af9a29ab60b5c4; Download | Favorite | View

Debian Security Advisory 5677-1: Posted May 6, 2024; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5677-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in information disclosure, denial of service or the execution of arbitrary code.; tags | advisory, denial of service, arbitrary, vulnerability, info disclosure, ruby; systems | linux, debian; advisories | CVE-2024-27280, CVE-2024-27281, CVE-2024-27282; SHA-256 | 86604f92379ed2d3ce35ce272c376c61fa6148a0285472100b79b85bb4f1f07f; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 234 files
indoushka 108 files
Ubuntu 87 files
Gentoo 36 files
Jasper Nota 25 files
Debian 20 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Martijn Baalman 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,100)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,789)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,546)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,754)
UNIX (9,437)
UnixWare (187)
Windows (6,674)
Other

CVE-2024-27281

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems