Description

In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.

Remediation

References

CVE-2021-31799

Related Vulnerabilities

Oracle Database Server Other Vulnerability (CVE-2005-3206)

WordPress Plugin WP Marketplace TimThumb Arbitrary File Upload (1.1.0)

Moodle Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-36396)

WordPress Plugin StatPressCN 'wp-admin/admin.php' Multiple Cross-Site Scripting Vulnerabilities (1.9.0)

TCExam Missing Authorization Vulnerability (CVE-2023-6554)

Severity

Critical

Classification

CVE-2021-31799 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities