Ruby/rdoc/4.2.2


RDoc produces HTML and command-line documentation for Ruby projects. RDoc includes the +rdoc+ and +ri+ tools for generating and displaying documentation from the command-line.

https://rubygems.org/gems/rdoc
Ruby

2 Security Vulnerabilities

Arbitrary Code Execution in Rdoc

Published date: 2021-09-01T18:53:15Z
CVE: CVE-2021-31799
Links:

In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.

Affected versions: ["6.3.0", "6.2.1", "6.2.0", "6.1.2", "6.1.1", "6.1.0", "6.1.0.beta3", "6.1.0.beta2", "6.1.0.beta1", "6.0.4", "6.0.3", "6.0.2", "6.0.1.1", "6.0.1", "6.0.0", "6.0.0.beta4", "6.0.0.beta3", "6.0.0.beta2", "6.0.0.beta1", "5.1.0", "5.0.1", "5.0.0", "5.0.0.beta2", "5.0.0.beta1", "4.3.0", "4.2.2", "4.2.1", "4.2.0", "4.1.2", "4.1.1", "4.1.0", "4.1.0.preview.3", "4.0.1", "4.0.0", "4.0.0.rc.2.1", "4.0.0.rc.2", "4.0.0.preview2.1", "4.0.0.preview2", "3.12.2", "3.12.1", "3.12", "3.11"]
Secure versions: [6.1.2.1, 6.6.3.1, 6.5.1.1, 6.4.1.1, 6.3.4.1]
Recommendation: Update to version 6.6.3.1.

RDoc OS command injection vulnerability

Published date: 2021-05-02
CVE: 2021-31799
CVSS V3: 7.0
Links:

RDoc used to call Kernel#open to open a local file. If a Ruby project has a file whose name starts with | and ends with tags, the command following the pipe character is executed. A malicious Ruby project could exploit it to run an arbitrary command execution against a user who attempts to run rdoc command.

Affected versions: ["6.2.1", "6.2.0", "6.1.2", "6.1.1", "6.1.0", "6.1.0.beta3", "6.1.0.beta2", "6.1.0.beta1", "6.0.4", "6.0.3", "6.0.2", "6.0.1.1", "6.0.1", "6.0.0", "6.0.0.beta4", "6.0.0.beta3", "6.0.0.beta2", "6.0.0.beta1", "5.1.0", "5.0.1", "5.0.0", "5.0.0.beta2", "5.0.0.beta1", "4.3.0", "4.2.2", "4.2.1", "4.2.0", "4.1.2", "4.1.1", "4.1.0", "4.1.0.preview.3", "4.0.1", "4.0.0", "4.0.0.rc.2.1", "4.0.0.rc.2", "4.0.0.preview2.1", "4.0.0.preview2", "3.12.2", "3.12.1", "3.12", "3.11", "3.10", "3.10.pre.3", "3.10.pre.2", "3.10.pre.1", "3.9.5", "3.9.4", "3.9.3", "3.9.2", "3.9.1", "3.9", "3.8", "3.7", "3.6.1", "3.6", "3.5.3", "3.5.2", "3.5.1", "3.5", "3.4", "3.3", "3.2", "3.1", "3.0.1", "3.0", "2.5.11", "2.5.10", "2.5.9", "2.5.8", "2.5.7", "2.5.6", "2.5.5", "2.5.4", "2.5.3", "2.5.2", "2.5.1", "2.5", "2.4.3", "2.4.2", "2.4.1", "2.4.0", "2.3.0", "2.2.1", "2.2.0", "2.1.0", "2.0.0", "6.3.0"]
Secure versions: [6.1.2.1, 6.6.3.1, 6.5.1.1, 6.4.1.1, 6.3.4.1]
Recommendation: Update to version 6.6.3.1.

100 Other Versions

Version License Security Released
6.6.3.1 Ruby 2024-03-21 - 04:31 8 days
6.6.2 Ruby 1 2023-12-16 - 03:40 3 months
6.6.1 Ruby 1 2023-12-05 - 07:37 4 months
6.6.0 Ruby 1 2023-11-06 - 08:30 5 months
6.5.1.1 Ruby 2024-03-21 - 04:31 8 days
6.5.0 Ruby 1 2022-12-05 - 05:00 over 1 year
6.4.1.1 Ruby 2024-03-21 - 04:31 8 days
6.4.0 Ruby 1 2021-12-24 - 08:03 over 2 years
6.3.4.1 Ruby 2024-03-21 - 04:31 8 days
6.3.3 Ruby 1 2021-11-11 - 08:57 over 2 years
6.3.2 Ruby 1 2021-07-05 - 10:33 over 2 years
6.3.1 Ruby 1 2021-05-02 - 14:07 almost 3 years
6.3.0 Ruby 3 2020-12-21 - 07:05 over 3 years
6.2.1 Ruby 2 2019-12-23 - 23:09 over 4 years
6.2.0 Ruby 2 2019-08-28 - 10:47 over 4 years
6.1.2.1 Ruby 2021-09-06 - 07:23 over 2 years
6.1.2 Ruby 2 2019-08-28 - 10:44 over 4 years
6.1.1 Ruby 2 2018-12-26 - 22:12 over 5 years
6.1.0 Ruby 2 2018-12-23 - 12:48 over 5 years
6.1.0.beta3 Ruby 2 2018-12-08 - 17:19 over 5 years
6.1.0.beta2 Ruby 2 2018-10-17 - 06:06 over 5 years
6.1.0.beta1 Ruby 2 2018-10-17 - 05:57 over 5 years
6.0.4 Ruby 2 2018-05-04 - 10:04 almost 6 years
6.0.3 Ruby 2 2018-03-26 - 05:10 about 6 years
6.0.2 Ruby 2 2018-03-17 - 05:23 about 6 years
6.0.1.1 Ruby 2 2019-08-28 - 10:43 over 4 years
6.0.1 Ruby 2 2017-12-23 - 23:25 over 6 years
6.0.0 Ruby 2 2017-12-05 - 11:05 over 6 years
6.0.0.beta4 Ruby 2 2017-11-27 - 10:17 over 6 years
6.0.0.beta3 Ruby 2 2017-10-10 - 01:46 over 6 years
6.0.0.beta2 Ruby 2 2017-09-12 - 03:33 over 6 years
6.0.0.beta1 Ruby 2 2017-08-29 - 11:30 over 6 years
5.1.0 Ruby 2 2017-02-24 - 07:28 about 7 years
5.0.1 Ruby 2 2019-08-28 - 10:40 over 4 years
5.0.0 Ruby 2 2016-11-05 - 08:28 over 7 years
5.0.0.beta2 Ruby 2 2016-09-07 - 22:05 over 7 years
5.0.0.beta1 Ruby 2 2016-09-07 - 02:28 over 7 years
4.3.0 Ruby 2 2016-11-05 - 02:50 over 7 years
4.2.2 Ruby 2 2016-02-09 - 02:23 about 8 years
4.2.1 Ruby 2 2015-12-22 - 11:57 over 8 years
4.2.0 Ruby 2 2014-12-07 - 01:14 over 9 years
4.1.2 Ruby 2 2014-09-10 - 20:42 over 9 years
4.1.1 Ruby 2 2014-01-09 - 20:20 about 10 years
4.1.0 Ruby 2 2013-12-26 - 19:21 over 10 years
4.1.0.preview.3 Ruby 2 2013-12-03 - 04:13 over 10 years
4.0.1 Ruby 2 2013-03-27 - 22:48 about 11 years
4.0.0 Ruby 2 2013-02-24 - 17:26 about 11 years
4.0.0.preview2.1 Ruby 3 2012-12-15 - 05:46 over 11 years
4.0.0.preview2 Ruby 3 2012-12-01 - 20:42 over 11 years
4.0.0.rc.2 Ruby 3 2013-02-06 - 08:15 about 11 years
4.0.0.rc.2.1 Ruby 3 2013-02-08 - 22:57 about 11 years
3.12.2 UNKNOWN 2 2013-02-25 - 06:23 about 11 years
3.12.1 UNKNOWN 2 2013-02-06 - 08:11 about 11 years
3.12 UNKNOWN 4 2011-12-15 - 21:53 over 12 years
3.11 UNKNOWN 4 2011-10-17 - 22:49 over 12 years
3.10 UNKNOWN 3 2011-10-08 - 23:09 over 12 years
3.10.pre.1 UNKNOWN 3 2011-09-27 - 21:51 over 12 years
3.10.pre.3 UNKNOWN 3 2011-10-01 - 00:04 over 12 years
3.10.pre.2 UNKNOWN 3 2011-09-28 - 03:43 over 12 years
3.9.5 UNKNOWN 2 2013-02-06 - 08:09 about 11 years
3.9.4 UNKNOWN 2 2011-08-26 - 23:37 over 12 years
3.9.3 UNKNOWN 2 2011-08-23 - 23:52 over 12 years
3.9.2 UNKNOWN 2 2011-08-11 - 18:18 over 12 years
3.9.1 UNKNOWN 2 2011-07-31 - 22:49 over 12 years
3.9 UNKNOWN 3 2011-07-30 - 23:37 over 12 years
3.8 UNKNOWN 3 2011-06-29 - 20:45 over 12 years
3.7 UNKNOWN 3 2011-06-27 - 23:15 almost 13 years
3.6.1 UNKNOWN 3 2011-05-15 - 22:53 almost 13 years
3.6 UNKNOWN 3 2011-05-14 - 00:24 almost 13 years
3.5.3 UNKNOWN 3 2011-02-07 - 06:50 about 13 years
3.5.2 UNKNOWN 3 2011-02-05 - 05:24 about 13 years
3.5.1 UNKNOWN 3 2011-01-30 - 22:24 about 13 years
3.5 UNKNOWN 3 2011-01-29 - 21:24 about 13 years
3.4 UNKNOWN 3 2011-01-06 - 23:26 about 13 years
3.3 UNKNOWN 3 2011-01-03 - 18:53 about 13 years
3.2 UNKNOWN 3 2010-12-29 - 22:30 about 13 years
3.1 UNKNOWN 3 2010-12-28 - 18:24 about 13 years
3.0.1 UNKNOWN 3 2010-12-20 - 03:39 over 13 years
3.0 UNKNOWN 3 2010-12-20 - 03:26 over 13 years
2.5.11 UNKNOWN 3 2010-08-20 - 21:43 over 13 years
2.5.10 UNKNOWN 3 2010-08-18 - 05:59 over 13 years
2.5.9 UNKNOWN 3 2010-07-07 - 02:36 over 13 years
2.5.8 UNKNOWN 3 2010-04-28 - 04:47 almost 14 years
2.5.7 UNKNOWN 3 2010-04-27 - 03:02 almost 14 years
2.5.6 UNKNOWN 3 2010-04-23 - 02:08 almost 14 years
2.5.5 UNKNOWN 3 2010-04-19 - 21:39 almost 14 years
2.5.4 UNKNOWN 3 2010-04-19 - 04:30 almost 14 years
2.5.3 UNKNOWN 3 2010-04-11 - 01:15 almost 14 years
2.5.2 UNKNOWN 3 2010-04-09 - 22:26 almost 14 years
2.5.1 UNKNOWN 3 2010-04-07 - 02:49 almost 14 years
2.5 UNKNOWN 3 2010-04-01 - 06:09 almost 14 years
2.4.3 UNKNOWN 3 2009-07-25 - 18:00 over 14 years
2.4.2 UNKNOWN 3 2009-07-25 - 18:00 over 14 years
2.4.1 UNKNOWN 3 2009-07-25 - 18:00 over 14 years
2.4.0 UNKNOWN 3 2009-07-25 - 18:00 over 14 years
2.3.0 UNKNOWN 3 2009-07-25 - 18:00 over 14 years
2.2.1 UNKNOWN 2 2009-07-25 - 18:00 over 14 years
2.2.0 UNKNOWN 2 2009-07-25 - 18:00 over 14 years
2.1.0 UNKNOWN 2 2009-07-25 - 18:00 over 14 years
2.0.0 UNKNOWN 2 2009-07-25 - 18:00 over 14 years