CVE-2021-31799 in RDoc
Summary
by MITRE • 07/30/2021
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.
Analysis
by VulDB Data Team • 04/23/2025
The vulnerability CVE-2021-31799 represents a critical code execution flaw in RDoc versions 3.11 through 6.x prior to 6.3.1, which were distributed with Ruby versions up to 3.0.1. This issue stems from improper handling of special characters within filename parsing mechanisms, specifically involving pipe (|) and tag characters that create opportunities for malicious input manipulation. The vulnerability manifests when RDoc processes documentation files containing these specific characters in their filenames, allowing attackers to inject and execute arbitrary code within the documentation generation environment.
The technical flaw resides in the input validation and sanitization processes within RDoc's filename processing subsystem, which fails to properly escape or filter special characters that have semantic meaning in documentation generation contexts. When RDoc encounters filenames containing pipe characters or tag syntax, the parser incorrectly interprets these sequences as command invocations or markup directives rather than literal filename components. This misinterpretation creates a path traversal and command injection vector that can be exploited by attackers who control the documentation content or can influence file naming within the documentation processing environment. The vulnerability aligns with CWE-78 and CWE-94 categories, representing improper input sanitization leading to command injection and arbitrary code execution.
The operational impact of this vulnerability extends beyond simple code execution, as it can enable attackers to compromise entire documentation generation workflows and potentially gain access to underlying systems where documentation tools are deployed. In environments where RDoc is used for automated documentation generation from source code repositories, or where documentation is generated from user-provided content, this vulnerability creates a significant attack surface. Attackers could exploit this to execute malicious commands on servers running vulnerable RDoc versions, potentially leading to data exfiltration, system compromise, or further lateral movement within network environments. The vulnerability particularly affects continuous integration systems, developer workstations, and documentation servers that automatically process and generate documentation from source code repositories, making it a critical concern for software development and DevOps environments.
Organizations should immediately update to RDoc version 6.3.1 or later to remediate this vulnerability, as no reliable workarounds exist for the core parsing issue. Security teams should conduct comprehensive inventory assessments to identify all systems running vulnerable RDoc versions, particularly those involved in automated documentation generation processes. Additionally, implementing input validation controls at the application level and monitoring for unusual filename patterns in documentation processing workflows can provide additional defense-in-depth measures. The vulnerability demonstrates the importance of proper input sanitization in documentation tools and highlights the need for regular security updates in development toolchains. Organizations should also consider implementing network segmentation and access controls around systems that process user-provided documentation content to limit potential exploitation impact. This vulnerability serves as a reminder of the security risks inherent in development tools and the necessity of maintaining up-to-date toolchains to prevent exploitation of known vulnerabilities.
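The inventory and filename-monitoring steps recommended above can be scripted. The following Ruby script is an added example, not code from RDoc or VulDB; it applies the affected range from the summary (3.11 up to, but not including, 6.3.1), and its function names and the rule of flagging any filename that contains a pipe character are assumptions made for illustration.

```ruby
# Added example: inventory and filename check for CVE-2021-31799.
require 'find'

# Affected range as stated in the CVE summary: 3.11 <= version < 6.3.1.
FIRST_AFFECTED = Gem::Version.new('3.11')
FIRST_FIXED    = Gem::Version.new('6.3.1')

# True when the RDoc version string falls inside the affected range.
# Unparseable strings return nil so they can be reviewed by hand.
def rdoc_affected?(version_string)
  v = Gem::Version.new(version_string)
  v >= FIRST_AFFECTED && v < FIRST_FIXED
rescue ArgumentError
  nil
end

# Versions of the rdoc gem visible to this Ruby installation.
def installed_rdoc_versions
  Gem::Specification.find_all_by_name('rdoc').map { |s| s.version.to_s }
end

# Assumption: any filename containing "|" deserves review before a
# vulnerable RDoc processes the tree. This is deliberately broad.
def suspicious_names(paths)
  paths.select { |p| File.basename(p).include?('|') }
end

# Walk a source tree and return the paths flagged by suspicious_names.
def scan_tree(root)
  found = []
  Find.find(root) { |p| found << p }
  suspicious_names(found)
end

if __FILE__ == $PROGRAM_NAME
  installed_rdoc_versions.each do |ver|
    state = rdoc_affected?(ver) ? 'AFFECTED, upgrade to 6.3.1 or later' : 'outside affected range'
    puts "rdoc #{ver}: #{state}"
  end
  # Optional argument: a checkout to scan before generating documentation.
  scan_tree(ARGV[0]).each { |p| puts "review filename: #{p.inspect}" } if ARGV[0]
end
```

Run it with the Ruby interpreter that the documentation job uses, since each Ruby installation carries its own RDoc.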