Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2024-2534
HistoryApr 24, 2024 - 10:15 p.m.

Medium: ruby

2024-04-2422:15:00
alas.aws.amazon.com
6
ruby
ftp server
net::ftp
ip address
port
information disclosure
vulnerability
red hat
mitre

6.9 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.3%

JSON

Issue Overview:

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions). (CVE-2021-31810)

Affected Packages:

ruby

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update ruby to update your system.

New Packages:

aarch64:  
    ruby-2.0.0.648-36.amzn2.0.9.aarch64  
    ruby-devel-2.0.0.648-36.amzn2.0.9.aarch64  
    ruby-libs-2.0.0.648-36.amzn2.0.9.aarch64  
    rubygem-bigdecimal-1.2.0-36.amzn2.0.9.aarch64  
    rubygem-io-console-0.4.2-36.amzn2.0.9.aarch64  
    rubygem-json-1.7.7-36.amzn2.0.9.aarch64  
    rubygem-psych-2.0.0-36.amzn2.0.9.aarch64  
    ruby-tcltk-2.0.0.648-36.amzn2.0.9.aarch64  
    ruby-debuginfo-2.0.0.648-36.amzn2.0.9.aarch64  
  
i686:  
    ruby-2.0.0.648-36.amzn2.0.9.i686  
    ruby-devel-2.0.0.648-36.amzn2.0.9.i686  
    ruby-libs-2.0.0.648-36.amzn2.0.9.i686  
    rubygem-bigdecimal-1.2.0-36.amzn2.0.9.i686  
    rubygem-io-console-0.4.2-36.amzn2.0.9.i686  
    rubygem-json-1.7.7-36.amzn2.0.9.i686  
    rubygem-psych-2.0.0-36.amzn2.0.9.i686  
    ruby-tcltk-2.0.0.648-36.amzn2.0.9.i686  
    ruby-debuginfo-2.0.0.648-36.amzn2.0.9.i686  
  
noarch:  
    rubygems-2.0.14.1-36.amzn2.0.9.noarch  
    rubygems-devel-2.0.14.1-36.amzn2.0.9.noarch  
    rubygem-rake-0.9.6-36.amzn2.0.9.noarch  
    ruby-irb-2.0.0.648-36.amzn2.0.9.noarch  
    rubygem-rdoc-4.0.0-36.amzn2.0.9.noarch  
    ruby-doc-2.0.0.648-36.amzn2.0.9.noarch  
    rubygem-minitest-4.3.2-36.amzn2.0.9.noarch  
  
src:  
    ruby-2.0.0.648-36.amzn2.0.9.src  
  
x86_64:  
    ruby-2.0.0.648-36.amzn2.0.9.x86_64  
    ruby-devel-2.0.0.648-36.amzn2.0.9.x86_64  
    ruby-libs-2.0.0.648-36.amzn2.0.9.x86_64  
    rubygem-bigdecimal-1.2.0-36.amzn2.0.9.x86_64  
    rubygem-io-console-0.4.2-36.amzn2.0.9.x86_64  
    rubygem-json-1.7.7-36.amzn2.0.9.x86_64  
    rubygem-psych-2.0.0-36.amzn2.0.9.x86_64  
    ruby-tcltk-2.0.0.648-36.amzn2.0.9.x86_64  
    ruby-debuginfo-2.0.0.648-36.amzn2.0.9.x86_64

Additional References

Red Hat: CVE-2021-31810

Mitre: CVE-2021-31810

OSVersionArchitecturePackageVersionFilename
Amazon Linux2aarch64ruby< 2.0.0.648-36.amzn2.0.9ruby-2.0.0.648-36.amzn2.0.9.aarch64.rpm
Amazon Linux2aarch64ruby-devel< 2.0.0.648-36.amzn2.0.9ruby-devel-2.0.0.648-36.amzn2.0.9.aarch64.rpm
Amazon Linux2aarch64ruby-libs< 2.0.0.648-36.amzn2.0.9ruby-libs-2.0.0.648-36.amzn2.0.9.aarch64.rpm
Amazon Linux2aarch64rubygem-bigdecimal< 1.2.0-36.amzn2.0.9rubygem-bigdecimal-1.2.0-36.amzn2.0.9.aarch64.rpm
Amazon Linux2aarch64rubygem-io-console< 0.4.2-36.amzn2.0.9rubygem-io-console-0.4.2-36.amzn2.0.9.aarch64.rpm
Amazon Linux2aarch64rubygem-json< 1.7.7-36.amzn2.0.9rubygem-json-1.7.7-36.amzn2.0.9.aarch64.rpm
Amazon Linux2aarch64rubygem-psych< 2.0.0-36.amzn2.0.9rubygem-psych-2.0.0-36.amzn2.0.9.aarch64.rpm
Amazon Linux2aarch64ruby-tcltk< 2.0.0.648-36.amzn2.0.9ruby-tcltk-2.0.0.648-36.amzn2.0.9.aarch64.rpm
Amazon Linux2aarch64ruby-debuginfo< 2.0.0.648-36.amzn2.0.9ruby-debuginfo-2.0.0.648-36.amzn2.0.9.aarch64.rpm
Amazon Linux2i686ruby< 2.0.0.648-36.amzn2.0.9ruby-2.0.0.648-36.amzn2.0.9.i686.rpm
Rows per page:
1-10 of 341

Related

photon 2
openvas 21
alpinelinux 1
prion 1
cnvd 1
nessus 47
debiancve 1
osv 12
cve 1
redhatcve 1
veracode 1
ubuntucve 1
cvelist 1
archlinux 3
ubuntu 1
suse 3
debian 3
redhat 9
oraclelinux 4
hackerone 1
freebsd 1
almalinux 3
cloudfoundry 1
rocky 3
fedora 1
mageia 1
gentoo 1
oracle 1
photon
photon
Moderate Photon OS Security Update - PHSA-2021-0096
2021-09-07 00:00:00
Moderate Photon OS Security Update - PHSA-2021-4.0-0096
2021-09-07 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2021-2643)
2021-11-03 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-1056)
2023-01-09 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2022-1337)
2022-03-21 00:00:00
alpinelinux
alpinelinux
CVE-2021-31810
2021-07-13 13:15:00
prion
prion
Code injection
2021-07-13 13:15:00
cnvd
cnvd
Ruby Information Disclosure Vulnerability (CNVD-2021-59129)
2021-07-12 00:00:00
nessus
nessus
Amazon Linux 2 : ruby (ALAS-2024-2534)
2024-04-30 00:00:00
EulerOS 2.0 SP8 : ruby (EulerOS-SA-2021-2643)
2021-11-02 00:00:00
Photon OS 4.0: Ruby PHSA-2021-4.0-0096
2021-09-21 00:00:00
debiancve
debiancve
CVE-2021-31810
2021-07-13 13:15:00
osv
osv
CVE-2021-31810
2021-07-13 13:15:09
BIT-ruby-2021-31810
2024-03-06 11:05:20
Moderate: ruby:2.5 security update
2022-02-24 00:00:00
cve
cve
CVE-2021-31810
2021-07-13 13:15:00
redhatcve
redhatcve
CVE-2021-31810
2021-07-07 21:53:02
veracode
veracode
Denial Of Service (DoS)
2021-07-11 16:10:12
ubuntucve
ubuntucve
CVE-2021-31810
2021-07-13 00:00:00
cvelist
cvelist
CVE-2021-31810
2021-07-13 00:00:00
archlinux
archlinux
[ASA-202107-24] ruby2.7: multiple issues
2021-07-14 00:00:00
[ASA-202107-23] ruby: multiple issues
2021-07-14 00:00:00
[ASA-202107-25] ruby2.6: multiple issues
2021-07-14 00:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2021-07-21 00:00:00
suse
suse
Security update for ruby2.5 (important)
2021-12-06 00:00:00
Security update for ruby2.5 (important)
2021-12-01 00:00:00
Security update for ruby2.5 (important)
2022-05-03 00:00:00
debian
debian
[SECURITY] [DLA 2780-1] ruby2.3 security update
2021-10-13 14:13:17
[SECURITY] [DSA 5066-1] ruby2.5 security update
2022-02-03 19:26:59
[SECURITY] [DLA 3408-1] jruby security update
2023-04-30 20:58:33
redhat
redhat
(RHSA-2022:0672) Moderate: ruby:2.5 security update
2022-02-24 15:11:44
(RHSA-2021:3559) Important: rh-ruby27-ruby security update
2021-09-20 07:32:43
(RHSA-2021:3982) Important: rh-ruby30-ruby security update
2021-10-25 20:32:25
oraclelinux
oraclelinux
ruby:2.5 security update
2022-03-08 00:00:00
ruby:2.5 security update
2022-02-28 00:00:00
ruby:2.7 security update
2021-08-06 00:00:00
hackerone
hackerone
Ruby: lib/net/ftp.rb: trusting PASV responses allow client abuse
2021-04-02 15:56:47
freebsd
freebsd
Ruby -- multiple vulnerabilities
2021-07-07 00:00:00
almalinux
almalinux
Moderate: ruby:2.5 security update
2022-02-24 00:00:00
Important: ruby:2.7 security update
2021-08-05 14:06:16
Important: ruby:2.6 security update
2022-02-16 08:26:13
cloudfoundry
cloudfoundry
USN-5020-1: Ruby vulnerabilities | Cloud Foundry
2021-09-07 00:00:00
rocky
rocky
ruby:2.5 security update
2022-02-24 15:11:44
ruby:2.7 security update
2021-08-05 14:06:16
ruby:2.6 security update
2022-02-16 08:26:13
fedora
fedora
[SECURITY] Fedora 34 Update: ruby-3.0.2-149.fc34
2021-07-29 01:09:21
mageia
mageia
Updated ruby packages fix security vulnerability
2021-12-24 00:01:45
gentoo
gentoo
Ruby: Multiple vulnerabilities
2024-01-24 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00

6.9 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.3%

JSON
Related for ALAS-2024-2534
photon2openvas21alpinelinux1prion1cnvd1nessus47debiancve1osv12cve1redhatcve1veracode1ubuntucve1cvelist1archlinux3ubuntu1suse3debian3redhat9oraclelinux4hackerone1freebsd1almalinux3cloudfoundry1rocky3fedora1mageia1gentoo1oracle1