CVE-2021-31799
ADVISORY - github
Summary
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.
Common Weakness Enumeration (CWE)
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Improper Neutralization of Special Elements used in a Command ('Command Injection')
OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
NIST: 1; CVSS SCORE 7; high
GitHub: CVSS SCORE 7; high
Alpine: -
Debian: -
Ubuntu: 1.0; CVSS SCORE 7; medium
Alma: -; CVSS SCORE N/A; high
Alma: -; CVSS SCORE N/A; high
Alma: -; CVSS SCORE N/A; medium
Amazon: -; CVSS SCORE N/A; low
Amazon: -; CVSS SCORE N/A; low
Amazon: -; CVSS SCORE N/A; medium
Red Hat: 1.0; CVSS SCORE 7; medium
Rocky: -; CVSS SCORE N/A; high
Rocky: -; CVSS SCORE N/A; high
Rocky: -; CVSS SCORE N/A; low
Oracle: -; CVSS SCORE N/A; high
Oracle: -; CVSS SCORE N/A; high
Oracle: -; CVSS SCORE N/A; medium
Oracle: -