PT-2021-4696 · Ruby+8 · Rdoc+8

Published 2021-05-02 · Updated 2025-12-12 · CVE-2021-31799

CVSS v3.1: 7.0 High

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

RDoc versions 3.11 through 6.x before 6.3.1

Description

The issue is in RDoc, the documentation generator for the Ruby programming language, which fails to properly sanitize data. An attacker can exploit this to execute arbitrary code via | and tags in a filename. The vulnerability allows an attacker to execute arbitrary commands.

Recommendations

For RDoc versions 3.11 through 6.x before 6.3.1, update to version 6.3.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the RDoc generator until a patch is available. Avoid using | and tags in filenames for RDoc until the issue is resolved.

Exploit

Fix

Weakness Enumeration

Special Elements Injection
Command Injection
OS Command Injection

Related Identifiers

ALSA-2021:3020
ALSA-2022:0543
ALSA-2022:0672
ALSA-2022_0672
ALSA-2025_16880
BDU:2021-05398
CESA-2021_3020
CESA-2022_0543
CESA-2022_0672
CVE-2021-31799
DLA-2780-1
DSA-5066-1
GHSA-GGXM-PGC9-G7FP
MGASA-2021-0579
OESA-2021-1306
OPENSUSE-SU-2021:1535-1
OPENSUSE-SU-2021:3838-1
OPENSUSE-SU-2021_1535-1
OPENSUSE-SU-2021_3838-1
OPENSUSE-SU-2022_1512-1
OPENSUSE-SU-2024:11622-1
OPENSUSE-SU-2024:11623-1
OPENSUSE-SU-2024:11786-1
OPENSUSE-SU-2024:12712-1
OPENSUSE-SU-2024:13623-1
OPENSUSE-SU-2025:14621-1
OPENSUSE-SU-2025:15819-1
RHSA-2021:3020
RHSA-2021:3559
RHSA-2021:3982
RHSA-2021_3020
RHSA-2022:0543
RHSA-2022:0544
RHSA-2022:0581
RHSA-2022:0582
RHSA-2022:0672
RHSA-2022:0708
RHSA-2022_0543
RHSA-2022_0672
RLSA-2021:3020
RLSA-2022:0543
RLSA-2022:0672
SUSE-SU-2021:3837-1
SUSE-SU-2021:3838-1
SUSE-SU-2021_3838-1
SUSE-SU-2022:1512-1
SUSE-SU-2022_1512-1
USN-5020-1

Affected Products

AlmaLinux
Astra Linux
CentOS
Linux Mint
RDoc
Red Hat
Rocky Linux
SUSE
Ubuntu