CVE-2021-31799: Arbitrary Code Execution in Rdoc

CVSS Score: 7

Basic Information

EPSS Score: -
Published: 9/1/2021
Updated: 10/16/2024
KEV Status: No
Technology: Ruby

Technical Details

CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| rdoc | rubygems | >= 3.11, < 6.1.2.1 | 6.1.2.1 |
| rdoc | rubygems | >= 6.2.0, < 6.2.1.1 | 6.2.1.1 |
| rdoc | rubygems | >= 6.3.0, < 6.3.1 | 6.3.1 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stemmed from using Kernel#open instead of File.open in the remove_unparseable method. Kernel#open interprets filenames starting with | as shell commands. The commit a7f5d6ab88632b3b482fe10611382ff73d14eed7 explicitly fixes this by replacing open with File.open, and the test case demonstrates exploitation via a filename containing | touch evil.txt && echo tags. This matches CWE-78 OS Command Injection patterns and the CVE description.
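The two behaviours described above can be checked from the defender's side. This Ruby sketch is an added example, not rdoc's code or the fixing commit: it audits source text for call sites that dispatch to Kernel#open, and confirms that File.open treats the pipe-prefixed name from the test case as an ordinary file name. The sample source and the names `risky_open_calls`, `file_open_is_literal?`, `before_fix` and `after_fix` are assumptions made for illustration.

```ruby
require "ripper"
require "tmpdir"

# Constructed sample modelled on the description above; not rdoc's source.
SAMPLE = <<~'RUBY'
  def before_fix(files)
    files.map { |file| open(file, 'rb') { |io| io.read } }
  end
  def after_fix(files)
    files.map { |file| File.open(file, 'rb') { |io| io.read } }
  end
  data = Kernel.open(path)
RUBY

# File name quoted from the page's account of the fix's test case.
PIPE_NAME = "| touch evil.txt && echo tags"

# Heuristic audit: line numbers of calls that dispatch to Kernel#open,
# i.e. a bare `open` or `Kernel.open`. `File.open` and friends are skipped.
def risky_open_calls(source)
  tokens = Ripper.lex(source).reject { |tok| tok[1] == :on_sp }
  tokens.each_with_index.filter_map do |(pos, type, text), i|
    next unless type == :on_ident && text == "open"
    prev = i >= 1 ? tokens[i - 1] : nil
    recv = i >= 2 ? tokens[i - 2] : nil
    if prev && [".", "::", "&."].include?(prev[2])
      pos[0] if recv && recv[2] == "Kernel"
    elsif prev.nil? || !(prev[2] == "def" || prev[1] == :on_symbeg)
      pos[0]
    end
  end
end

# File.open never spawns a process: the leading "|" is part of the name.
def file_open_is_literal?(name)
  Dir.mktmpdir do |dir|
    Dir.chdir(dir) do
      File.open(name, "wb") { |f| f.write("tags\n") }
      content = File.open(name, "rb", &:read)
      content == "tags\n" && Dir.children(dir) == [name]
    end
  end
end

if $PROGRAM_NAME == __FILE__
  puts "Kernel#open call sites on lines: #{risky_open_calls(SAMPLE).inspect}"
  puts "File.open kept #{PIPE_NAME.inspect} literal: #{file_open_is_literal?(PIPE_NAME)}"
end
```

The audit is token-based, so it will also flag a local method or variable named `open`; treat hits as review candidates rather than confirmed findings.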
