FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
57027417-ab7f-11eb-9596-080027f515eaRDoc -- command injection vulnerability

Alexandr Savca reports:

RDoc used to call Kernel#open to open a local file. If a Ruby project has a file whose name starts with | and ends with tags, the command following the pipe character is executed. A malicious Ruby project could exploit it to run an arbitrary command execution against a user who attempts to run rdoc command.


Discovery 2021-05-02
Entry 2021-05-02
rubygem-rdoc
lt 6.3.1

CVE-2021-31799
https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/