CVE-2021-31799 log

Source
Severity Medium
Remote Yes
Type Arbitrary command execution
Description
RDoc before version 6.3.1, as bundled with Ruby before version 2.7.4 and 2.6.8 as well as GitLab before version 14.0.2, used to call Kernel#open to open a local file. If a Ruby project has a file whose name starts with "|" and ends with "tags", the command following the pipe character is executed. A malicious Ruby project could exploit it to run an arbitrary command execution against a user who attempts to run the rdoc command.
Group Package Affected Fixed Severity Status Ticket
AVG-1906 jruby 9.2.19.0-1 High Vulnerable
AVG-1905 gitlab-gitaly 14.0.3-1 Medium Vulnerable
AVG-2140 ruby2.6 2.6.7-1 2.6.8-1 High Fixed
AVG-2125 gitlab 14.0.1-1 14.0.3-1 High Fixed
AVG-1901 ruby-rdoc 6.3.0-3 6.3.1-1 Medium Fixed
Date Advisory Group Package Severity Type
14 Jul 2021 ASA-202107-25 AVG-2140 ruby2.6 High multiple issues
06 Jul 2021 ASA-202107-18 AVG-2125 gitlab High multiple issues
References
https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/
https://github.com/ruby/rdoc/commit/a7f5d6ab88632b3b482fe10611382ff73d14eed7
https://github.com/ruby/ruby/commit/483f303d02e768b69e476e0b9be4ab2f26389522
https://github.com/ruby/ruby/commit/fe3c49c9baeeab58304ede915b7edd18ecf360fc