CVE-2024-27281: Deserialization of Untrusted Data in RDoc

Severity: 4.5 MEDIUM (NVD)
EPSS: 2.5% (top 14.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: May 14
Latest update: Feb 10

Description

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. (When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.) The main fixed version is 6.6.3.1. For Ruby 3.0 us
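The loader distinction the description turns on, as an added example in Ruby that is not code from RDoc or from this advisory; ConfigOptions and the two YAML documents are constructed stand-ins for RDoc::Options and an .rdoc_options file, and load_unrestricted/load_restricted are hypothetical names:

```ruby
require 'yaml'

# Hypothetical stand-in for the class an .rdoc_options file populates
# (RDoc::Options in the real project); defined here so the example runs
# without RDoc installed.
class ConfigOptions
  attr_reader :title, :main_page
end

# Constructed .rdoc_options content: the plain document a project would ship.
BENIGN_YAML = <<~DOC
  ---
  title: Example project
  main_page: README.md
DOC

# Constructed document carrying a !ruby/object tag. An unrestricted loader
# honours the tag and instantiates whatever class it names; that is the
# "no restrictions on the classes that can be restored" condition.
TAGGED_YAML = <<~DOC
  --- !ruby/object:ConfigOptions
  title: Example project
DOC

# Pre-fix behaviour: a full object-restoring YAML load of the config file.
# YAML.unsafe_load exists in Psych >= 3.3.2; older Psych had the same
# semantics under YAML.load.
def load_unrestricted(yaml)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(yaml) : YAML.load(yaml)
end

# Hardened pattern: a safe load that permits only basic scalars and
# collections, with no class tags and no aliases. Returns [:ok, hash] for a
# plain config document, or [:rejected, reason] when the document names a class.
def load_restricted(yaml)
  [:ok, YAML.safe_load(yaml, permitted_classes: [], aliases: false)]
rescue Psych::DisallowedClass => e
  [:rejected, e.message]
end

if $PROGRAM_NAME == __FILE__
  obj = load_unrestricted(TAGGED_YAML)
  puts "unrestricted loader built a #{obj.class} with title #{obj.title.inspect}"
  puts "restricted loader on benign file: #{load_restricted(BENIGN_YAML).inspect}"
  puts "restricted loader on tagged file: #{load_restricted(TAGGED_YAML).inspect}"
end
```

Running it shows the unrestricted loader returning a ConfigOptions instance built from the tag, while the restricted loader accepts the benign file as a Hash and raises Psych::DisallowedClass on the tagged one.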

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Exploitability: 1.0 | Impact: 3.4

Affected packages (1)

RubyGems: ruby-lang/rdoc, 6.3.3 to 6.3.4.1 (+3 more)

🔴 Vulnerability Details (6)

OSV: ruby2.3, ruby2.5 vulnerability (2025-02-10)
OSV: ruby2.7, ruby3.0, ruby3.1, ruby3.2 vulnerabilities (2024-06-17)
OSV: CVE-2024-27281: An issue was discovered in RDoc 6 (2024-05-14)
CVEList: CVE-2024-27281: An issue was discovered in RDoc 6 (2024-05-08)
GHSA: RDoc RCE vulnerability with .rdoc_options (2024-03-25)

📋 Vendor Advisories (5)

Ubuntu: Ruby vulnerability (2025-02-10)
Ubuntu: Ruby vulnerabilities (2024-06-17)
Microsoft: An issue was discovered in RDoc 6.3.3 through 6.6.2 as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file object injection and resultant (2024-05-14)
Red Hat: ruby: RCE vulnerability with .rdoc_options in RDoc (2024-03-21)
Debian: CVE-2024-27281: ruby2.7 - An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x ... (2024)

💬 Community (1)

HackerOne: CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc (2024-03-29)
CVE-2024-27281 — Deserialization of Untrusted Data | cvebase