Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/rdoc@6.6.2
Typegem
Namespace
Namerdoc
Version6.6.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.6.3.1
Latest_non_vulnerable_version6.6.3.1
Affected_by_vulnerabilities
0
url VCID-m4a8-ya4v-tkgm
vulnerability_id VCID-m4a8-ya4v-tkgm
summary 
RDoc RCE vulnerability with .rdoc_options
An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0.

When parsing `.rdoc_options` (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored.

When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.

We recommend to update the RDoc gem to version 6.6.3.1 or later. In order to ensure compatibility with bundled version in older Ruby series, you may update as follows instead:

* For Ruby 3.0 users: Update to `rdoc` 6.3.4.1
* For Ruby 3.1 users: Update to `rdoc` 6.4.1.1
* For Ruby 3.2 users: Update to `rdoc` 6.5.1.1

You can use `gem update rdoc` to update it. If you are using bundler, please add `gem "rdoc", ">= 6.6.3.1"` to your `Gemfile`.

Note: 6.3.4, 6.4.1, 6.5.1 and 6.6.3 have a incorrect fix. We recommend to upgrade 6.3.4.1, 6.4.1.1, 6.5.1.1 and 6.6.3.1 instead of them.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27281.json
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27281.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27281
reference_id
reference_type
scores
0
value 0.02273
scoring_system epss
scoring_elements 0.84718
published_at 2026-04-29T12:55:00Z
1
value 0.02273
scoring_system epss
scoring_elements 0.84717
published_at 2026-04-26T12:55:00Z
2
value 0.02273
scoring_system epss
scoring_elements 0.84707
published_at 2026-04-24T12:55:00Z
3
value 0.02273
scoring_system epss
scoring_elements 0.8468
published_at 2026-04-21T12:55:00Z
4
value 0.02463
scoring_system epss
scoring_elements 0.85249
published_at 2026-04-13T12:55:00Z
5
value 0.02463
scoring_system epss
scoring_elements 0.85231
published_at 2026-04-08T12:55:00Z
6
value 0.02463
scoring_system epss
scoring_elements 0.8524
published_at 2026-04-09T12:55:00Z
7
value 0.02463
scoring_system epss
scoring_elements 0.85254
published_at 2026-04-11T12:55:00Z
8
value 0.02463
scoring_system epss
scoring_elements 0.8527
published_at 2026-04-18T12:55:00Z
9
value 0.02463
scoring_system epss
scoring_elements 0.85269
published_at 2026-04-16T12:55:00Z
10
value 0.02463
scoring_system epss
scoring_elements 0.85252
published_at 2026-04-12T12:55:00Z
11
value 0.02463
scoring_system epss
scoring_elements 0.8519
published_at 2026-04-02T12:55:00Z
12
value 0.02463
scoring_system epss
scoring_elements 0.85208
published_at 2026-04-04T12:55:00Z
13
value 0.02463
scoring_system epss
scoring_elements 0.8521
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27281
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27281
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27281
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/ruby/rdoc
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rdoc
5
reference_url https://github.com/ruby/rdoc/commit/1254b0066f312ddbf7fae7a195e66ce5b3bc6656
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rdoc/commit/1254b0066f312ddbf7fae7a195e66ce5b3bc6656
6
reference_url https://github.com/ruby/rdoc/commit/32ff6ba0bebd8ea26f569da5fd23be2937f6a644
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rdoc/commit/32ff6ba0bebd8ea26f569da5fd23be2937f6a644
7
reference_url https://github.com/ruby/rdoc/commit/48617985e9fbc2825219d55f04e3e0e98d2923be
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rdoc/commit/48617985e9fbc2825219d55f04e3e0e98d2923be
8
reference_url https://github.com/ruby/rdoc/commit/811f125a4a0cc968e3eb18e16ea6c1a3b49a11bf
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rdoc/commit/811f125a4a0cc968e3eb18e16ea6c1a3b49a11bf
9
reference_url https://github.com/ruby/rdoc/commit/a5de13bf0f0c26f8e764e82b5bf4bf8bffc7198e
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rdoc/commit/a5de13bf0f0c26f8e764e82b5bf4bf8bffc7198e
10
reference_url https://github.com/ruby/rdoc/commit/d22ba930f1f611dda531dba04cd3d2531bb3f8a5
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rdoc/commit/d22ba930f1f611dda531dba04cd3d2531bb3f8a5
11
reference_url https://github.com/ruby/rdoc/commit/da7a0c7553ef7250ca665a3fecdc01dbaacbb43d
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rdoc/commit/da7a0c7553ef7250ca665a3fecdc01dbaacbb43d
12
reference_url https://github.com/ruby/rdoc/commit/e4a0e71e6f1032f8b4e5e58b4ef60d702c22ce17
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rdoc/commit/e4a0e71e6f1032f8b4e5e58b4ef60d702c22ce17
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rdoc/CVE-2024-27281.yml
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rdoc/CVE-2024-27281.yml
14
reference_url https://hackerone.com/reports/1187477
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-20T13:50:49Z/
url https://hackerone.com/reports/1187477
15
reference_url https://lists.debian.org/debian-lts-announce/2024/09/msg00000.html
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/09/msg00000.html
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27LUWREIFTP3MQAW7QE4PJM4DPAQJWXF
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27LUWREIFTP3MQAW7QE4PJM4DPAQJWXF
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XYDHPHEZI7OQXTQKTDZHGZNPIJH7ZV5N
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XYDHPHEZI7OQXTQKTDZHGZNPIJH7ZV5N
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27281
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27281
19
reference_url https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281
20
reference_url https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3
scoring_elements
1
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-20T13:50:49Z/
url https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067803
reference_id 1067803
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067803
22
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2270749
reference_id 2270749
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2270749
23
reference_url https://github.com/advisories/GHSA-592j-995h-p23j
reference_id GHSA-592j-995h-p23j
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-592j-995h-p23j
24
reference_url https://security.gentoo.org/glsa/202406-03
reference_id GLSA-202406-03
reference_type
scores
url https://security.gentoo.org/glsa/202406-03
25
reference_url https://access.redhat.com/errata/RHSA-2024:3500
reference_id RHSA-2024:3500
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3500
26
reference_url https://access.redhat.com/errata/RHSA-2024:3546
reference_id RHSA-2024:3546
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3546
27
reference_url https://access.redhat.com/errata/RHSA-2024:3668
reference_id RHSA-2024:3668
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3668
28
reference_url https://access.redhat.com/errata/RHSA-2024:3670
reference_id RHSA-2024:3670
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3670
29
reference_url https://access.redhat.com/errata/RHSA-2024:3671
reference_id RHSA-2024:3671
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3671
30
reference_url https://access.redhat.com/errata/RHSA-2024:3838
reference_id RHSA-2024:3838
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3838
31
reference_url https://access.redhat.com/errata/RHSA-2024:4499
reference_id RHSA-2024:4499
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4499
32
reference_url https://usn.ubuntu.com/6838-1/
reference_id USN-6838-1
reference_type
scores
url https://usn.ubuntu.com/6838-1/
33
reference_url https://usn.ubuntu.com/6838-2/
reference_id USN-6838-2
reference_type
scores
url https://usn.ubuntu.com/6838-2/
fixed_packages
0
url pkg:gem/rdoc@6.6.3.1
purl pkg:gem/rdoc@6.6.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rdoc@6.6.3.1
aliases CVE-2024-27281, GHSA-592j-995h-p23j
risk_score 2.0
exploitability 0.5
weighted_severity 4.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m4a8-ya4v-tkgm
Fixing_vulnerabilities
Risk_score2.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/rdoc@6.6.2