Lucene search
GoogleOSV:ALSA-2022:5779HistoryAug 01, 2022 - 12:00 a.m.
Moderate: ruby:2.5 security update
2022-08-0100:00:00
Google
osv.dev
10
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.004 Low
EPSS
Percentile
73.3%
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Security Fix(es):
- ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817)
- ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Related
nessus
nessus
Rocky Linux 8 : ruby:2.5 (RLSA-2022:5779)
2023-11-07 00:00:00
RHEL 8 : ruby:2.5 (RHSA-2022:5779)
2022-08-01 00:00:00
CentOS 8 : ruby:2.5 (CESA-2022:5779)
2022-08-01 00:00:00
rocky
rocky
ruby:2.5 security update
2022-08-01 09:05:09
ruby:2.7 security, bug fix, and enhancement update
2022-09-13 07:36:49
ruby:3.0 security, bug fix, and enhancement update
2022-09-13 07:36:53
debian
debian
[SECURITY] [DLA 2853-1] ruby2.3 security update
2021-12-28 10:36:26
[SECURITY] [DSA 5067-1] ruby2.7 security update
2022-02-03 19:30:34
[SECURITY] [DSA 5066-1] ruby2.5 security update
2022-02-03 19:26:40
osv
osv
ruby2.3 - security update
2021-12-27 00:00:00
Moderate: ruby:2.5 security update
2022-08-01 09:05:09
ruby2.3, ruby2.5, ruby2.7 vulnerabilities
2022-01-18 17:13:18
openvas
openvas
Debian: Security Advisory (DLA-2853-1)
2021-12-29 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2022-1676)
2022-05-09 00:00:00
Ubuntu: Security Advisory (USN-5235-1)
2022-01-19 00:00:00
redhat
redhat
(RHSA-2022:5779) Moderate: ruby:2.5 security update
2022-08-01 09:05:09
oraclelinux
oraclelinux
ruby:2.5 security update
2022-08-03 00:00:00
ruby:2.7 security, bug fix, and enhancement update
2022-09-15 00:00:00
ruby:3.0 security, bug fix, and enhancement update
2022-09-15 00:00:00
almalinux
almalinux
Moderate: ruby:2.5 security update
2022-08-01 00:00:00
Moderate: ruby:2.7 security, bug fix, and enhancement update
2022-09-13 00:00:00
Moderate: ruby:3.0 security, bug fix, and enhancement update
2022-09-13 00:00:00
cloudfoundry
cloudfoundry
USN-5235-1: Ruby vulnerabilities | Cloud Foundry
2022-03-09 00:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2022-01-18 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: ruby-3.0.4-153.fc34
2022-05-08 02:03:44
[SECURITY] Fedora 35 Update: ruby-3.0.4-153.fc35
2022-05-08 01:48:39
amazon
amazon
Medium: ruby
2023-11-09 19:19:00
Important: ruby
2024-02-29 10:03:00
freebsd
freebsd
rubygem-date -- Regular Expression Denial of Service Vunlerability of Date Parsing Methods
2021-11-15 00:00:00
rubygem-cgi -- cookie prefix spoofing in CGI::Cookie.parse
2021-11-24 00:00:00
cve
cve
CVE-2021-41817
2022-01-01 05:15:08
CVE-2021-41819
2022-01-01 06:15:07
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2021-11-17 06:57:56
Denial Of Service (DoS)
2021-11-25 17:08:14
prion
prion
Design/Logic Flaw
2022-01-01 05:15:00
Code injection
2022-01-01 06:15:00
redhatcve
redhatcve
CVE-2021-41817
2021-11-19 21:23:19
CVE-2021-41819
2021-11-25 19:11:16
hackerone
hackerone
debiancve
debiancve
CVE-2021-41817
2022-01-01 05:15:08
CVE-2021-41819
2022-01-01 06:15:07
cnvd
cnvd
Ruby has unspecified vulnerabilities (CNVD-2022-06510)
2021-11-29 00:00:00
suse
suse
Security update for ruby2.5 (moderate)
2022-09-16 00:00:00
Security update for ruby2.5 (important)
2022-05-03 00:00:00
cvelist
cvelist
CVE-2021-41819
2022-01-01 00:00:00
CVE-2021-41817
2022-01-01 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2024-4.0-0562
2024-02-08 00:00:00
Important Photon OS Security Update - PHSA-2024-3.0-0732
2024-02-29 00:00:00
f5
f5
K30272432 : RubyGems vulnerability CVE-2021-41817
2022-06-01 00:00:00
ubuntucve
ubuntucve
CVE-2021-41817
2022-01-01 00:00:00
CVE-2021-41819
2022-01-01 00:00:00
alpinelinux
alpinelinux
CVE-2021-41817
2022-01-01 05:15:08
CVE-2021-41819
2022-01-01 06:15:07
cbl_mariner
cbl_mariner
CVE-2021-41817 affecting package ruby for versions less than 3.1.2-2
2022-04-26 20:17:12
CVE-2021-41819 affecting package ruby for versions less than 3.1.2-2
2022-04-26 20:17:12
nvd
nvd
CVE-2021-41817
2022-01-01 05:15:08
CVE-2021-41819
2022-01-01 06:15:07
github
github
Regular expression denial of service vulnerability (ReDoS) in date
2021-11-16 00:32:30
Cookie Prefix Spoofing in CGI::Cookie.parse
2022-01-21 23:22:17
mageia
mageia
Updated ruby packages fix security vulnerability
2021-12-24 00:01:45
gentoo
gentoo
Ruby: Multiple vulnerabilities
2024-01-24 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.004 Low
EPSS
Percentile
73.3%
Related for OSV:ALSA-2022:5779