CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc

We have released the RDoc gem version 6.3.4.1, 6.4.1.1, 6.5.1.1 and 6.6.3.1 that have a security fix for a RCE vulnerability. This vulnerability has been assigned the CVE identifier CVE-2024-27281.

Details

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.
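Added example, not part of the advisory and not RDoc's own code: the difference between restoring any class named in a YAML config file and restricting the loader to an allowlist, which is the weakness described under Details. The classes DocOptions and Unexpected, the helper names and both sample files are constructed for illustration.

```ruby
require "yaml"

# Hypothetical stand-in for the options class a documentation tool expects
# to find in its config file (not RDoc's real class).
class DocOptions
  attr_accessor :title, :markup
end

# Constructed stand-in for any other class loadable in the process.
class Unexpected
  attr_accessor :payload
end

# Constructed sample config files.
EXPECTED_CONFIG = <<~YAML
  --- !ruby/object:DocOptions
  title: My Project
  markup: markdown
YAML

CRAFTED_CONFIG = <<~YAML
  --- !ruby/object:Unexpected
  payload: attacker-chosen state
YAML

# Unrestricted load: the file decides which class gets instantiated.
# (On older Psych, YAML.load behaves this way; newer Psych names it unsafe_load.)
def load_unrestricted(src)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(src) : YAML.load(src)
end

# Restricted load: only allowlisted classes may be restored, and the
# document root must be the expected options type.
def load_restricted(src)
  obj = YAML.safe_load(src, permitted_classes: [DocOptions, Symbol])
  raise ArgumentError, "config root must be DocOptions" unless obj.is_a?(DocOptions)
  obj
rescue Psych::DisallowedClass => e
  raise ArgumentError, "rejected config: #{e.message}"
end
```

The same reasoning applies to any tool that reads a YAML file from a checked-out source tree: the file is untrusted input, so the set of classes it may restore has to be fixed by the loader, not by the file.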
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=58a19beefd3b8f8a311414182db8d30d2227d82b

commit 58a19beefd3b8f8a311414182db8d30d2227d82b
Author: Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2024-06-05 05:48:38 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-06-05 05:49:17 +0000

    dev-ruby/rdoc: drop 6.5.0

    Bug: https://bugs.gentoo.org/927565
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 dev-ruby/rdoc/Manifest | 1 -
 dev-ruby/rdoc/rdoc-6.5.0.ebuild | 98 -----------------------------------------
 2 files changed, 99 deletions(-)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=f92f9f607c40e6a024e40691a4a77a9004288704

commit f92f9f607c40e6a024e40691a4a77a9004288704
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-06-22 07:30:29 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-06-22 07:31:04 +0000

    [ GLSA 202406-03 ] RDoc: Remote Code Execution

    Bug: https://bugs.gentoo.org/927565
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202406-03.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)