CVE-2024-27281
First published: Thu Mar 21 2024(Updated: )
An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| rubygems/rdoc | >=6.3.3<6.3.4.1 | 6.3.4.1 |
| rubygems/rdoc | >=6.6.0<6.6.3.1 | 6.6.3.1 |
| rubygems/rdoc | >=6.5.0<6.5.1.1 | 6.5.1.1 |
| rubygems/rdoc | >=6.4.0<6.4.1.1 | 6.4.1.1 |
| redhat/rdoc | <6.3.4.1 | 6.3.4.1 |
| redhat/rdoc | <6.4.1.1 | 6.4.1.1 |
| redhat/rdoc | <6.5.1.1 | 6.5.1.1 |
| debian/ruby2.7 | <=2.7.4-1+deb11u1 | 2.7.4-1+deb11u4 |
| debian/ruby3.1 | <=3.1.2-8.5 | 3.1.2-7+deb12u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/
- https://hackerone.com/reports/1187477
- https://launchpad.net/bugs/cve/CVE-2024-27281
- https://github.com/ruby/rdoc/commit/1254b0066f312ddbf7fae7a195e66ce5b3bc6656
- https://github.com/ruby/rdoc/commit/32ff6ba0bebd8ea26f569da5fd23be2937f6a644
- https://github.com/ruby/rdoc/commit/48617985e9fbc2825219d55f04e3e0e98d2923be
- https://github.com/ruby/rdoc/commit/811f125a4a0cc968e3eb18e16ea6c1a3b49a11bf
- https://github.com/ruby/rdoc/commit/a5de13bf0f0c26f8e764e82b5bf4bf8bffc7198e
- https://github.com/ruby/rdoc/commit/d22ba930f1f611dda531dba04cd3d2531bb3f8a5
- https://github.com/ruby/rdoc/commit/da7a0c7553ef7250ca665a3fecdc01dbaacbb43d
- https://github.com/ruby/rdoc/commit/e4a0e71e6f1032f8b4e5e58b4ef60d702c22ce17
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rdoc/CVE-2024-27281.yml
- https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281
- https://nvd.nist.gov/vuln/detail/CVE-2024-27281
- https://github.com/advisories/GHSA-592j-995h-p23j (Advisory)
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270792
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270798
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270813
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270787
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270815
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270801
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270817
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270793
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270818
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270803
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270819
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270805
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270820
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270821
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270822
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270823
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270824
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270825
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270788
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270826
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270789
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270808
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270827
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270828
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270790
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270794
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270810
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270829
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270791
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270830
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270831
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270797
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2270786
- https://github.com/ruby/rdoc/commit/33221979e3a6a18de962553b56c396abb5ba3244
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2277049
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2277051
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2277052
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2277050
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2277053
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2277054
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2277055
- https://access.redhat.com/errata/RHSA-2024:3500
- https://access.redhat.com/errata/RHSA-2024:3546
- https://access.redhat.com/errata/RHSA-2024:3668
- https://access.redhat.com/errata/RHSA-2024:3670
- https://access.redhat.com/errata/RHSA-2024:3671
- https://access.redhat.com/errata/RHSA-2024:3838
- https://access.redhat.com/errata/RHSA-2024:4499
- https://bugzilla.redhat.com/show_bug.cgi?id=2270749
- https://security-tracker.debian.org/tracker/CVE-2024-27281
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27281
- https://ubuntu.com/security/CVE-2024-27281
Frequently Asked Questions
What is the severity of CVE-2024-27281?
CVE-2024-27281 has a critical severity rating due to the potential for remote code execution.
How do I fix CVE-2024-27281?
To fix CVE-2024-27281, update RDoc to version 6.3.4.1 or later for affected versions.
What software is affected by CVE-2024-27281?
CVE-2024-27281 affects RDoc versions 6.3.3 through 6.6.2 distributed in Ruby 3.x through 3.3.0.
What could happen if CVE-2024-27281 is exploited?
Exploitation of CVE-2024-27281 could allow attackers to perform remote code execution on affected systems.
Is there a workaround for CVE-2024-27281 if I cannot update?
There are no known workarounds for CVE-2024-27281, and updating is the recommended solution.
- agent/type
- agent/author
- agent/first-publish-date
- agent/remedy
- collector/launchpad-cve
- source/Launchpad
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/weakness
- agent/severity
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-592j-995h-p23j
- alias/CVE-2024-27281
- agent/software-canonical-lookup
- agent/last-modified-date
- collector/nvd-cve
- collector/redhat-bugzilla
- source/Red Hat
- collector/github-advisory
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/event
- agent/softwarecombine
- agent/trending
- agent/source
- agent/tags
- collector/security-tracker-debian
- source/Debian
- package-manager/rubygems
- package-manager/redhat
- package-manager/debian