Lucene search
PRIOn knowledge basePRION:CVE-2021-32066HistoryAug 01, 2021 - 7:15 p.m.
Code injection
2021-08-0119:15:00
PRIOn knowledge base
www.prio-n.com
31
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a “StartTLS stripping attack.”
References
github.com/ruby/ruby/commit/a21a3b7d23704a01d34bd79d09dc37897e00922a
hackerone.com/reports/1178562
lists.debian.org/debian-lts-announce/2021/10/msg00009.html
lists.debian.org/debian-lts-announce/2023/04/msg00033.html
security.gentoo.org/glsa/202401-27
security.netapp.com/advisory/ntap-20210902-0004/
www.oracle.com/security-alerts/cpuapr2022.html
www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/
Related
debiancve
debiancve
CVE-2021-32066
2021-08-01 19:15:07
photon
photon
Important Photon OS Security Update - PHSA-2021-0084
2021-08-20 00:00:00
Important Photon OS Security Update - PHSA-2021-4.0-0084
2021-08-20 00:00:00
ubuntucve
ubuntucve
CVE-2021-32066
2021-07-15 00:00:00
nessus
nessus
EulerOS 2.0 SP3 : ruby (EulerOS-SA-2021-2614)
2021-10-25 00:00:00
Photon OS 4.0: Ruby PHSA-2021-4.0-0084
2021-08-24 00:00:00
Amazon Linux 2 : ruby (ALAS-2024-2570)
2024-06-12 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2021-2614)
2021-10-26 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2022-1144)
2022-02-13 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2021-2673)
2021-11-12 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-32066 affecting package ruby 2.6.7-3
2021-09-09 15:03:01
CVE-2021-32066 affecting package ruby for versions less than 2.7.4-1
2022-04-09 06:51:53
cvelist
cvelist
CVE-2021-32066
2021-08-01 00:00:00
veracode
veracode
Man In The Middle (MitM)
2021-07-10 14:45:44
osv
osv
BIT-ruby-2021-32066
2024-03-06 11:05:08
CVE-2021-32066
2021-08-01 19:15:07
ruby2.3 - security update
2021-10-11 00:00:00
redhatcve
redhatcve
CVE-2021-32066
2021-07-07 21:52:09
nvd
nvd
CVE-2021-32066
2021-08-01 19:15:07
alpinelinux
alpinelinux
CVE-2021-32066
2021-08-01 19:15:07
amazon
amazon
Medium: ruby
2024-06-06 20:17:00
cve
cve
CVE-2021-32066
2021-08-01 19:15:07
hackerone
hackerone
Ruby: imap: StartTLS stripping attack (CVE-2016-0772).
2021-04-28 16:06:30
archlinux
archlinux
[ASA-202107-23] ruby: multiple issues
2021-07-14 00:00:00
[ASA-202107-24] ruby2.7: multiple issues
2021-07-14 00:00:00
[ASA-202107-25] ruby2.6: multiple issues
2021-07-14 00:00:00
cloudfoundry
cloudfoundry
USN-5020-1: Ruby vulnerabilities | Cloud Foundry
2021-09-07 00:00:00
suse
suse
Security update for ruby2.5 (important)
2021-12-01 00:00:00
Security update for ruby2.5 (important)
2021-12-06 00:00:00
Security update for ruby2.5 (important)
2022-05-03 00:00:00
oraclelinux
oraclelinux
ruby:2.5 security update
2022-02-28 00:00:00
ruby:2.5 security update
2022-03-08 00:00:00
ruby:2.7 security update
2021-08-06 00:00:00
rocky
rocky
ruby:2.5 security update
2022-02-24 15:11:44
ruby:2.7 security update
2021-08-05 14:06:16
ruby:2.6 security update
2022-02-16 08:26:13
ubuntu
ubuntu
Ruby vulnerabilities
2021-07-21 00:00:00
almalinux
almalinux
Moderate: ruby:2.5 security update
2022-02-24 00:00:00
Important: ruby:2.7 security update
2021-08-05 14:06:16
Important: ruby:2.6 security update
2022-02-16 08:26:13
freebsd
freebsd
Ruby -- multiple vulnerabilities
2021-07-07 00:00:00
redhat
redhat
(RHSA-2022:0672) Moderate: ruby:2.5 security update
2022-02-24 15:11:44
(RHSA-2021:3559) Important: rh-ruby27-ruby security update
2021-09-20 07:32:43
(RHSA-2021:3020) Important: ruby:2.7 security update
2021-08-05 14:06:16
debian
debian
[SECURITY] [DLA 2780-1] ruby2.3 security update
2021-10-13 14:12:23
[SECURITY] [DSA 5066-1] ruby2.5 security update
2022-02-03 19:26:40
[SECURITY] [DLA 3408-1] jruby security update
2023-04-30 20:58:08
fedora
fedora
[SECURITY] Fedora 34 Update: ruby-3.0.2-149.fc34
2021-07-29 01:09:21
mageia
mageia
Updated ruby packages fix security vulnerability
2021-12-24 00:01:45
gentoo
gentoo
Ruby: Multiple vulnerabilities
2024-01-24 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00