RDoc produces HTML and command-line documentation for Ruby projects.
A vulnerability has been discovered in RDoc. Please review the CVE identifier referenced below for details.
RDoc used to call Kernel#open to open a local file. If a Ruby project has a file whose name starts with | and ends with tags, the command following the pipe character is executed. A malicious Ruby project could exploit this to achieve arbitrary command execution against a user who attempts to run the rdoc command.
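The following Ruby example is added here and is not RDoc's own code. It checks a source tree for file names beginning with | and shows that File.open treats such a name as a literal path, where Kernel#open would treat it as a command. The helper names and the sample tree are constructed for illustration.

```ruby
require "tmpdir"
require "find"

# Return paths under +root+ whose basename begins with "|". Kernel#open
# interprets a path starting with "|" as a command to spawn, not a file.
def pipe_prefixed_files(root)
  hits = []
  Find.find(root) do |path|
    next unless File.file?(path)
    hits << path if File.basename(path).start_with?("|")
  end
  hits.sort
end

# Read a file by literal path. File.open never interprets a leading "|",
# so the argument is only ever treated as a file name.
def read_literal(path)
  File.open(path, "r") { |f| f.read }
end

# Constructed sample tree: one ordinary file and one file whose name
# starts with "|" and ends with "tags", the shape described above.
def build_sample_tree(dir)
  File.open(File.join(dir, "README.md"), "w") { |f| f.write("docs\n") }
  odd = File.join(dir, "|echo constructed-sample tags")
  File.open(odd, "w") { |f| f.write("plain contents\n") }
  dir
end

# Scan the sample tree using relative names (as a tool run from the
# project root would see them) and read the flagged file literally.
def demo
  Dir.mktmpdir do |dir|
    build_sample_tree(dir)
    Dir.chdir(dir) do
      names = pipe_prefixed_files(".").map { |p| File.basename(p) }
      [names, read_literal(names.first)]
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  names, contents = demo
  puts "pipe-prefixed names: #{names.inspect}"
  puts "File.open returned:  #{contents.inspect}"
end
```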
There is no known workaround at this time.
All RDoc users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-ruby/rdoc-6.3.2"