FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
57027417-ab7f-11eb-9596-080027f515ea	RDoc -- command injection vulnerability Alexandr Savca reports: RDoc used to call Kernel#open to open a local file. If a Ruby project has a file whose name starts with \| and ends with tags, the command following the pipe character is executed. A malicious Ruby project could exploit it to run an arbitrary command execution against a user who attempts to run rdoc command. Discovery 2021-05-02 Entry 2021-05-02 rubygem-rdoc < 6.3.1 CVE-2021-31799 https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/

VuXML ID

Description

57027417-ab7f-11eb-9596-080027f515ea

RDoc -- command injection vulnerability

Alexandr Savca reports:

RDoc used to call Kernel#open to open a local file. If a Ruby project has a file whose name starts with | and ends with tags, the command following the pipe character is executed. A malicious Ruby project could exploit it to run an arbitrary command execution against a user who attempts to run rdoc command.

Discovery 2021-05-02
Entry 2021-05-02
rubygem-rdoc

< 6.3.1

CVE-2021-31799
https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/