{"id":"CVE-2021-31799","details":"In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.","aliases":["GHSA-ggxm-pgc9-g7fp"],"modified":"2026-03-20T11:40:55.219103Z","published":"2021-07-30T14:15:16.620Z","related":["ALSA-2021:3020","ALSA-2022:0543","ALSA-2022:0672","MGASA-2021-0579","SUSE-SU-2021:3837-1","SUSE-SU-2021:3838-1","SUSE-SU-2022:1512-1","openSUSE-SU-2021:1535-1","openSUSE-SU-2021:3838-1","openSUSE-SU-2024:11622-1","openSUSE-SU-2024:11623-1","openSUSE-SU-2024:11786-1","openSUSE-SU-2024:12712-1","openSUSE-SU-2024:13623-1","openSUSE-SU-2025:14621-1","openSUSE-SU-2025:15819-1"],"references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202401-05"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210902-0004/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html"},{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2021-31799"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"type":"FIX","url":"https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ruby/rdoc","events":[{"introduced":"25786dd7791e3bc8c130066d3f0680a3e2d28c32"},{"fixed":"9307f932b7f5f97a27706cc04e4c2de72d9baf72"}],"database_specific":{"versions":[{"introduced":"3.11"},{"fixed":"6.3.1"}]}}],"versions":["v3.11","v3.12","v4.0.0","v4.0.0.preview2","v4.0.0.preview2.1","v4.0.0.rc.2","v4.0.0.rc.2.1","v4.0.1","v4.1.0","v4.1.0.preview.1","v4.1.0.preview.3","v4.1.1","v4.2.0","v4.2.1","v4.2.2","v4.3.0","v5.0.0","v5.0.0.beta1","v5.0.0.beta2","v5.1.0","v6.0.0","v6.0.0.beta1","v6.0.0.beta2","v6.0.0.beta3","v6.0.0.beta4","v6.0.1","v6.0.2","v6.0.3","v6.0.4","v6.1.0","v6.1.0.beta1","v6.1.0.beta2","v6.1.0.beta3","v6.1.1","v6.2.0","v6.2.1","v6.3.0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"fixed":"9.2.6.1"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-31799.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}