For CVE-2021-31799 the current fixed version range of patched_versions: "~> 6.1.2.1", "~> 6.2.1.1", ">= 6.3.1" is incorrect.
Currently, the range implies that everything less than 6.1.2.1 is affected. However, versions less than 3.11 are not affected [1][2].
Adding "< 3.11" to the fixed versions will correct this.
References:
[1] https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/
[2] GHSA-ggxm-pgc9-g7fp
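The effect of the range described above can be checked with RubyGems' own version classes. This is an added example, not code from the advisory database or the report; it assumes a version is flagged as affected unless it satisfies at least one listed range, and `flagged?`, `report` and the sample versions are constructed for illustration.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement ship with Ruby

# Ranges quoted in the report above.
CURRENT_RANGES = ["~> 6.1.2.1", "~> 6.2.1.1", ">= 6.3.1"].freeze
# The report's proposal: also list "< 3.11".
PROPOSED_RANGES = (CURRENT_RANGES + ["< 3.11"]).freeze

# Assumed model: a version is flagged unless it satisfies one of the ranges.
def flagged?(ranges, version)
  v = Gem::Version.new(version)
  ranges.none? { |r| Gem::Requirement.new(r).satisfied_by?(v) }
end

# Constructed sample versions around each boundary in the ranges.
SAMPLES = %w[3.10 3.11 6.1.2 6.1.2.1 6.2.1 6.2.1.1 6.3.0 6.3.1].freeze

# Rows of [version, flagged with current ranges, flagged with proposed ranges].
def report
  SAMPLES.map do |v|
    [v, flagged?(CURRENT_RANGES, v), flagged?(PROPOSED_RANGES, v)]
  end
end

if __FILE__ == $PROGRAM_NAME
  report.each do |v, cur, prop|
    puts format("%-8s current=%-5s proposed=%-5s", v, cur, prop)
  end
end
```

Only the rows below 3.11 change between the two columns, which is the false positive the report describes.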