CVE-2021-35514

9.8 CRITICAL

📋 TL;DR

CVE-2021-35514 is a critical code injection vulnerability in Narou.rb that allows attackers to execute arbitrary Ruby code by manipulating novel title or author name fields. This affects all Narou.rb users running versions before 3.8.0, potentially leading to complete system compromise.

💻 Affected Systems

Products:
  • Narou.rb (also known as Narou)
Versions: All versions before 3.8.0
Operating Systems: All operating systems running Ruby
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the default configuration when processing novel metadata from external sources.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full remote code execution leading to complete system takeover, data theft, and lateral movement within the network.

🟠 Likely Case

Arbitrary code execution with the privileges of the Narou.rb process, potentially allowing file system access, data manipulation, and further exploitation.

🟢 If Mitigated

Limited impact if proper input validation and sanitization are implemented, restricting code execution to sandboxed environments.

🌐 Internet-Facing: HIGH if Narou.rb is exposed to the internet, as exploitation requires minimal authentication and can be automated.
🏢 Internal Only: MEDIUM for internal deployments, as attackers would need network access but exploitation remains straightforward once access is gained.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the ability to modify novel metadata, which typically requires some level of access to the system or data sources.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.8.0 and later

Vendor Advisory: https://github.com/whiteleaf7/narou/blob/develop/ChangeLog.md#380-20210627

Restart Required: Yes

Instructions:

1. Back up current configuration and data.
2. Update Narou.rb using 'gem update narou'.
3. Verify installation with 'narou version'.
4. Restart any Narou.rb services or processes.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement strict input validation to reject any novel titles or author names containing Ruby code patterns.

# Add input validation in Narou.rb configuration or wrapper scripts
# Example: Validate input doesn't contain eval(), system(), backticks, or Ruby execution patterns

🧯 If You Can't Patch

  • Isolate Narou.rb instances in network segments with strict egress filtering
  • Implement application-level firewalls to monitor and block suspicious input patterns

🔍 How to Verify

Check if Vulnerable:

Check the Narou.rb version with the 'narou version' command. Any version below 3.8.0 is vulnerable.

Check Version:

narou version

Verify Fix Applied:

After updating, confirm version is 3.8.0 or higher with 'narou version' and test with known safe input.
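
An added example, not part of the original advisory or the Narou.rb project: a Ruby check that compares every installed copy of the narou gem against 3.8.0 using RubyGems' own version ordering. It assumes the gem is installed under the name `narou` (as in the update command above) and that `narou version` prints a line containing the version number; the sample version strings are constructed.

```ruby
require "rubygems"

# First fixed release, as stated in this advisory.
FIXED_VERSION = Gem::Version.new("3.8.0")

# True when the version is older than the fixed release. Gem::Version compares
# numerically (3.10.0 > 3.8.0) and sorts prereleases such as 3.8.0.pre before 3.8.0.
def narou_vulnerable?(version_string)
  Gem::Version.new(version_string.strip) < FIXED_VERSION
end

# Pull the first dotted version number out of free-form tool output.
# Assumption: `narou version` prints a line containing the version number.
def extract_version(output)
  output[/\d+(?:\.[0-9A-Za-z]+)+/]
end

# Every installed copy of the gem, not only the newest one: `gem update`
# leaves older versions on disk until `gem cleanup narou` removes them.
def installed_narou_versions
  Gem::Specification.find_all_by_name("narou").map { |spec| spec.version.to_s }
end

# Pair each version string with a verdict.
def classify(versions)
  versions.map { |v| [v, narou_vulnerable?(v) ? "VULNERABLE" : "fixed"] }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample output, used only to show the parsing path.
  sample = "narou 3.7.2\n"
  puts "sample: #{classify([extract_version(sample)]).inspect}"

  found = installed_narou_versions
  if found.empty?
    puts "narou gem not found in this Ruby's gem paths"
  else
    classify(found).each { |version, verdict| puts "narou #{version}: #{verdict}" }
  end
end
```

Run it with the same Ruby interpreter that runs Narou.rb, since each Ruby installation has its own gem paths.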

📡 Detection & Monitoring

Log Indicators:

  • Unusual Ruby code execution in logs
  • Suspicious novel metadata modifications
  • Unexpected system command execution

Network Indicators:

  • Unusual outbound connections from Narou.rb process
  • Data exfiltration patterns

SIEM Query:

process: narou AND (command: *eval* OR command: *system* OR command: *backtick*)
