CVE-2021-31799

7HIGH

Key Information

Vendor: Debian
Status: Debian Linux
Vendor: CVE Published:; 30 July 2021

Summary

In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.

References

https://lists.debian.org/debian-lts-announce/2021/10/msg0...

https://www.oracle.com/security-alerts/cpuapr2022.html

https://www.ruby-lang.org/en/news/2021/05/02/os-command-i...

CVSS V3.1

Score:

7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 30, 2021
Vulnerability Reserved
Apr 25, 2021

Collectors

NVD DatabaseMitre Database

.