{
  "threat_severity" : "Moderate",
  "public_date" : "2024-03-21T00:00:00Z",
  "bugzilla" : {
    "description" : "ruby: RCE vulnerability with .rdoc_options in RDoc",
    "id" : "2270749",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2270749"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-94",
  "details" : [ "An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. (When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.) The main fixed version is 6.6.3.1. For Ruby 3.0 users, a fixed version is rdoc 6.3.4.1. For Ruby 3.1 users, a fixed version is rdoc 6.4.1.1. For Ruby 3.2 users, a fixed version is rdoc 6.5.1.1.", "A flaw was found in Rubygem RDoc. When parsing .rdoc_options used for configuration in RDoc as a YAML file there are no restrictions on the classes that can be restored. This issue may lead to object injection, resulting in remote code execution." ],
  "statement" : "An attacker would need to provide a maliciously crafted configuration file or documentation cache to a user in order to trigger this vulnerability.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-05-30T00:00:00Z",
    "advisory" : "RHSA-2024:3500",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "ruby:3.0-8100020240522072634.489197e6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-06-03T00:00:00Z",
    "advisory" : "RHSA-2024:3546",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "ruby:3.1-8100020240510101534.489197e6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-06-06T00:00:00Z",
    "advisory" : "RHSA-2024:3670",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "ruby:3.3-8100020240522151542.489197e6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-07-11T00:00:00Z",
    "advisory" : "RHSA-2024:4499",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "ruby:2.5-8100020240627152904.489197e6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-06-06T00:00:00Z",
    "advisory" : "RHSA-2024:3668",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "ruby:3.1-9040020240503183840.9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-06-06T00:00:00Z",
    "advisory" : "RHSA-2024:3671",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "ruby:3.3-9040020240522171337.9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-06-11T00:00:00Z",
    "advisory" : "RHSA-2024:3838",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "ruby-0:3.0.7-162.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "ruby",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "ruby",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "ruby",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat OpenStack Platform 16.1",
    "fix_state" : "Not affected",
    "package_name" : "puppet-dns",
    "cpe" : "cpe:/a:redhat:openstack:16.1"
  }, {
    "product_name" : "Red Hat OpenStack Platform 16.2",
    "fix_state" : "Not affected",
    "package_name" : "puppet-dns",
    "cpe" : "cpe:/a:redhat:openstack:16.2"
  }, {
    "product_name" : "Red Hat OpenStack Platform 16.2",
    "fix_state" : "Not affected",
    "package_name" : "puppet-memcached",
    "cpe" : "cpe:/a:redhat:openstack:16.2"
  }, {
    "product_name" : "Red Hat OpenStack Platform 17.1",
    "fix_state" : "Not affected",
    "package_name" : "puppet-memcached",
    "cpe" : "cpe:/a:redhat:openstack:17.1"
  }, {
    "product_name" : "Red Hat Satellite 6",
    "fix_state" : "Will not fix",
    "package_name" : "satellite-installer",
    "cpe" : "cpe:/a:redhat:satellite:6",
    "impact" : "low"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Out of support scope",
    "package_name" : "rh-ruby30-ruby",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  }, {
    "product_name" : "Red Hat Storage 3",
    "fix_state" : "Out of support scope",
    "package_name" : "ruby",
    "cpe" : "cpe:/a:redhat:storage:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-27281\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-27281\nhttps://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/" ],
  "name" : "CVE-2024-27281",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}