Lucene search
GoogleOSV:RLSA-2022:0672HistoryFeb 24, 2022 - 3:11 p.m.
Moderate: ruby:2.5 security update
2022-02-2415:11:44
Google
osv.dev
13
ruby
security update
command injection
ftp pasv
starttls stripping
EPSS
0.01
Percentile
83.7%
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Security Fix(es):
-
rubygem-rdoc: Command injection vulnerability in RDoc (CVE-2021-31799)
-
ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host (CVE-2021-31810)
-
ruby: StartTLS stripping vulnerability in Net::IMAP (CVE-2021-32066)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Related
nessus
nessus
FreeBSD : Ruby -- multiple vulnerabilities (7ed5779c-e4c7-11eb-91d7-08002728f74c)
2021-07-16 00:00:00
CentOS 8 : ruby:2.5 (CESA-2022:0672)
2022-02-25 00:00:00
Debian DLA-2780-1 : ruby2.3 - LTS security update
2021-10-13 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-2780-1)
2021-10-14 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2021-2721)
2021-11-12 00:00:00
Ubuntu: Security Advisory (USN-5020-1)
2021-07-22 00:00:00
osv
osv
ruby2.3 - security update
2021-10-11 00:00:00
libruby3_0-3_0-3.0.2-1.1 on GA media
2024-06-15 00:00:00
Moderate: ruby:2.5 security update
2022-02-24 00:00:00
suse
suse
Security update for ruby2.5 (important)
2021-12-01 00:00:00
Security update for ruby2.5 (important)
2021-12-06 00:00:00
Security update for ruby2.5 (important)
2022-05-03 00:00:00
rocky
rocky
ruby:2.5 security update
2022-02-24 15:11:44
ruby:2.7 security update
2021-08-05 14:06:16
ruby:2.6 security update
2022-02-16 08:26:13
oraclelinux
oraclelinux
ruby:2.5 security update
2022-02-28 00:00:00
ruby:2.5 security update
2022-03-08 00:00:00
ruby:2.7 security update
2021-08-06 00:00:00
cloudfoundry
cloudfoundry
USN-5020-1: Ruby vulnerabilities | Cloud Foundry
2021-09-07 00:00:00
debian
debian
[SECURITY] [DLA 2780-1] ruby2.3 security update
2021-10-13 14:12:23
[SECURITY] [DSA 5066-1] ruby2.5 security update
2022-02-03 19:26:40
[SECURITY] [DLA 3408-1] jruby security update
2023-04-30 20:58:08
redhat
redhat
(RHSA-2022:0672) Moderate: ruby:2.5 security update
2022-02-24 15:11:44
(RHSA-2021:3559) Important: rh-ruby27-ruby security update
2021-09-20 07:32:43
(RHSA-2021:3020) Important: ruby:2.7 security update
2021-08-05 14:06:16
archlinux
archlinux
[ASA-202107-25] ruby2.6: multiple issues
2021-07-14 00:00:00
[ASA-202107-23] ruby: multiple issues
2021-07-14 00:00:00
[ASA-202107-24] ruby2.7: multiple issues
2021-07-14 00:00:00
freebsd
freebsd
Ruby -- multiple vulnerabilities
2021-07-07 00:00:00
RDoc -- command injection vulnerability
2021-05-02 00:00:00
almalinux
almalinux
Moderate: ruby:2.5 security update
2022-02-24 00:00:00
Important: ruby:2.7 security update
2021-08-05 14:06:16
Important: ruby:2.6 security update
2022-02-16 08:26:13
ubuntu
ubuntu
Ruby vulnerabilities
2021-07-21 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: ruby-3.0.2-149.fc34
2021-07-29 01:09:21
redos
redos
ROS-20240723-03
2024-07-23 00:00:00
mageia
mageia
Updated ruby packages fix security vulnerability
2021-12-24 00:01:45
cnvd
cnvd
Ruby Information Disclosure Vulnerability (CNVD-2021-59129)
2021-07-12 00:00:00
debiancve
debiancve
prion
prion
ubuntucve
ubuntucve
photon
photon
Important Photon OS Security Update - PHSA-2021-0084
2021-08-20 00:00:00
Moderate Photon OS Security Update - PHSA-2021-0096
2021-09-07 00:00:00
Moderate Photon OS Security Update - PHSA-2021-4.0-0096
2021-09-07 00:00:00
hackerone
hackerone
Ruby: OS Command Injection in 'rdoc' documentation generator
2021-04-12 16:47:15
Ruby: imap: StartTLS stripping attack (CVE-2016-0772).
2021-04-28 16:06:30
Ruby: lib/net/ftp.rb: trusting PASV responses allow client abuse
2021-04-02 15:56:47
nvd
nvd
veracode
veracode
Denial Of Service (DoS)
2021-07-11 15:57:38
Denial Of Service (DoS)
2021-07-11 16:10:12
Man In The Middle (MitM)
2021-07-10 14:45:44
github
github
Arbitrary Code Execution in Rdoc
2021-09-01 18:53:15
alpinelinux
alpinelinux
amazon
amazon
cve
cve
redhatcve
redhatcve
cbl_mariner
cbl_mariner
CVE-2021-32066 affecting package ruby for versions less than 2.7.4-1
2022-04-09 06:51:53
CVE-2021-32066 affecting package ruby 2.6.7-3
2021-09-09 15:03:01
cvelist
cvelist
gentoo
gentoo
RDoc: Command Injection
2024-01-05 00:00:00
Ruby: Multiple vulnerabilities
2024-01-24 00:00:00
attackerkb
attackerkb
CVE-2021-31799
2021-07-30 00:00:00
rubygems
rubygems
RDoc OS command injection vulnerability
2021-05-01 21:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00