Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 927565 (CVE-2024-27281) - <dev-ruby/rdoc-6.6.3.1: RCE vulnerability with .rdoc_options in RDoc
Summary: <dev-ruby/rdoc-6.6.3.1: RCE vulnerability with .rdoc_options in RDoc
Status: RESOLVED FIXED
Alias: CVE-2024-27281
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa+]
Keywords:
Depends on: 927566
Blocks:
  Show dependency tree
 
Reported: 2024-03-23 06:53 UTC by Hans de Graaff
Modified: 2024-06-22 07:33 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Hans de Graaff gentoo-dev Security 2024-03-23 06:53:44 UTC
CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc

We have released the RDoc gem version 6.3.4.1, 6.4.1.1, 6.5.1.1 and 6.6.3.1 that have a security fix for a RCE vulnerability. This vulnerability has been assigned the CVE identifier CVE-2024-27281.
Details

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0.

When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored.

When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.
Comment 1 Larry the Git Cow gentoo-dev 2024-06-05 05:49:32 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=58a19beefd3b8f8a311414182db8d30d2227d82b

commit 58a19beefd3b8f8a311414182db8d30d2227d82b
Author:     Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2024-06-05 05:48:38 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-06-05 05:49:17 +0000

    dev-ruby/rdoc: drop 6.5.0
    
    Bug: https://bugs.gentoo.org/927565
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 dev-ruby/rdoc/Manifest          |  1 -
 dev-ruby/rdoc/rdoc-6.5.0.ebuild | 98 -----------------------------------------
 2 files changed, 99 deletions(-)
Comment 2 Larry the Git Cow gentoo-dev 2024-06-22 07:31:39 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=f92f9f607c40e6a024e40691a4a77a9004288704

commit f92f9f607c40e6a024e40691a4a77a9004288704
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-06-22 07:30:29 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-06-22 07:31:04 +0000

    [ GLSA 202406-03 ] RDoc: Remote Code Cxecution
    
    Bug: https://bugs.gentoo.org/927565
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202406-03.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)