Closed imaqsood closed 3 months ago
References
Ruby disclosed on HackerOne: RCE by parsing .rdoc_options in RDoc
Specifically:
0001-Filter-marshaled-objects-ruby30.patch (F3085308)
0001-Use-safe_load-and-safe_load_file-for-rdoc_options.patch (F3085309)
https://git.launchpad.net/ubuntu/+source/ruby2.7/commit/?id=7584287c1cf59926252197badedde2cbc08e084c
Testing Done
Agent Runtime 7.x build vanagon-generic-builder (generic) Generic Builder Step 03 -- Vanagon Project Packaging #3209 Console [Jenkins]
Agent Runtime Artifacts Index of /puppet-runtime/99588328fc2eaf6c3ac5390a3c7214ac66159675/artifacts/
Puppet Agent 7.x Build vanagon-generic-builder (generic) Generic Builder Step 03 -- Vanagon Project Packaging #3210 [Jenkins]
Puppet Agent 7.x Artifacts
Index of /puppet-agent/b3da7d646f28a489e6e04ce291214655d0adb78a/artifacts/deb/bionic/puppet7/
Index of /puppet-agent/b3da7d646f28a489e6e04ce291214655d0adb78a/artifacts/el/7/puppet7/x86_64/