4.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2024-27281

GHSA ID

GHSA-592j-995h-p23j

EPSS Score

0.84858%

CWE

CWE-74

Published

3/25/2024

Updated

11/18/2024

KEV Status

Technology

Ruby

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-27281

CVE-2024-27281: RDoc RCE vulnerability with .rdoc_options

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0.

When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored.

When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.

We recommend to update the RDoc gem to version 6.6.3.1 or later. In order to ensure compatibility with bundled version in older Ruby series, you may update as follows instead:

For Ruby 3.0 users: Update to rdoc 6.3.4.1
For Ruby 3.1 users: Update to rdoc 6.4.1.1
For Ruby 3.2 users: Update to rdoc 6.5.1.1

You can use gem update rdoc to update it. If you are using bundler, please add gem "rdoc", ">= 6.6.3.1" to your Gemfile.

Note: 6.3.4, 6.4.1, 6.5.1 and 6.6.3 have a incorrect fix. We recommend to upgrade 6.3.4.1, 6.4.1.1, 6.5.1.1 and 6.6.3.1 instead of them.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2024-27281

CVE-2024-27281:

4.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2024-27281

GHSA ID

GHSA-592j-995h-p23j

EPSS Score

0.84858%

CWE

CWE-74

Published

3/25/2024

Updated

11/18/2024

KEV Status

Technology

Ruby

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
rdoc	rubygems	>= 6.4.0, < 6.4.1.1	6.4.1.1
rdoc	rubygems	>= 6.5.0, < 6.5.1.1	6.5.1.1
rdoc	rubygems	>= 6.6.0, < 6.6.3.1	6.6.3.1
rdoc	rubygems	>= 6.3.3, < 6.3.4.1	6.3.4.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from unsafe deserialization using Marshal.load without proper class filtering. The GitHub patch shows multiple instances in store.rb where direct Marshal.load calls were replaced with a filtered version (marshal_load). The original implementations in load_cache, load_class_data, load_method, and load_page all used Marshal.load on untrusted data without restricting deserializable classes, enabling object injection attacks. The patch adds a MarshalFilter that restricts classes to basic types and RDoc:: namespaced objects, confirming these were the vulnerable points.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

4.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-27281: RDoc RCE vulnerability with .rdoc_options

CVE-2024-27281:

4.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Detect and Respond To Threats Faster.

4.5

4.5

Technical Details

CVE-2024-27281: RDoc RCE vulnerability with .rdoc_options

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

4.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-27281: RDoc RCE vulnerability with .rdoc_options

CVE-2024-27281:

4.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

4.5

4.5

Technical Details

CVE-2024-27281: RDoc RCE vulnerability with .rdoc_options

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI