CVE-2024-27281 - RDoc YAML Configuration File Vulnerability Leads to Object Injection and Remote Code Execution

A security vulnerability has been discovered in RDoc, a popular documentation generating tool for the Ruby programming language. Specifically, RDoc versions 6.3.3 through 6.6.2 contain a flaw that allows for object injection and potential remote code execution. In this post, we will discuss the details of this vulnerability, the affected versions, and how to update your software to mitigate the risk.

Exploit Details

The vulnerability (CVE-2024-27281) exists within the way that RDoc parses .rdoc_options configuration files. When RDoc reads the contents of these files as YAML, there are no restrictions on which classes can be restored. This allows for potential object injection and remote code execution if an attacker is able to craft a malicious .rdoc_options file or cache.

To demonstrate this vulnerability, consider the following code snippet from a vulnerable version of RDoc:

require 'yaml'

def parse_rdoc_options
  options = nil
  if File.exist?('.rdoc_options')
    input = File.read('.rdoc_options')
    options = YAML.load(input)
  end
  options
end

options = parse_rdoc_options

In this code, the YAML.load() method is used to parse the contents of the .rdoc_options file without any class restrictions. This could enable an attacker to create a malicious .rdoc_options file that injects harmful objects through YAML deserialization.

To update your RDoc version, use the following commands

gem uninstall rdoc
gem install rdoc --version <fixed_rdoc_version_number>

Replace <fixed_rdoc_version_number> with the appropriate version number based on your Ruby version.

Original References

1. RDoc GitHub repository: https://github.com/ruby/rdoc
2. Vulnerability announcement on GitHub: https://github.com/ruby/rdoc/issues/864
3. CVE details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27281

Conclusion

To mitigate the risk posed by CVE-2024-27281, it is crucial to update your version of RDoc to one of the fixed versions mentioned above. Always be diligent in applying security updates to your software and keep an eye on vulnerability disclosures to maintain a secure environment.

Timeline

Published on: 05/14/2024 15:11:57 UTC
Last modified on: 08/20/2024 14:35:05 UTC