Debian Security Bug TrackerDEBIANCVE:CVE-2021-31810CVE-2021-31810
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
5.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
0.01 Low
EPSS
Percentile
83.7%
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | jruby | < 9.3.9.0+ds-1 | jruby_9.3.9.0+ds-1_all.deb |
| Debian | 10 | all | jruby | < 9.1.17.0-3+deb10u1 | jruby_9.1.17.0-3+deb10u1_all.deb |
| Debian | 999 | all | jruby | < 9.3.9.0+ds-1 | jruby_9.3.9.0+ds-1_all.deb |
| Debian | 13 | all | jruby | < 9.3.9.0+ds-1 | jruby_9.3.9.0+ds-1_all.deb |
| Debian | 10 | all | ruby2.5 | < 2.5.5-3+deb10u4 | ruby2.5_2.5.5-3+deb10u4_all.deb |
| Debian | 11 | all | ruby2.7 | < 2.7.4-1 | ruby2.7_2.7.4-1_all.deb |
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
5.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
0.01 Low
EPSS
Percentile
83.7%