The version of ruby installed on the remote host is prior to 2.6.7-126. It is, therefore, affected by a vulnerability as referenced in the ALAS2RUBY2.6-2023-005 advisory.

– In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename. (CVE-2021-31799)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.Read More