logo
DATABASE RESOURCES PRICING ABOUT US

USN-4922-1: Ruby vulnerability | Cloud Foundry

Description

## Severity Medium ## Vendor Canonical Ubuntu ## Versions Affected * Canonical Ubuntu 18.04 ## Description Juho Nurminen discovered that the REXML gem bundled with Ruby incorrectly parsed and serialized XML documents. A remote attacker could possibly use this issue to perform an XML round-trip attack. CVEs contained in this USN include: CVE-2021-28965. ## Affected Cloud Foundry Products and Versions _Severity is medium unless otherwise noted._ * cflinuxfs3 * All versions prior to 0.236.0 * CF Deployment * All versions prior to 16.13.0 ## Mitigation Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases: * cflinuxfs3 * Upgrade all versions to 0.236.0 or greater * CF Deployment * Upgrade all versions to 16.13.0 or greater ## References * [USN Notice](<https://usn.ubuntu.com/4922-1/>) * [CVE-2021-28965](<https://people.canonical.com/~ubuntu-security/cve/CVE-2021-28965>) ## History 2021-04-29: Initial vulnerability report published.


Affected Software


CPE Name Name Version
cflinuxfs3 0.236.0
cf deployment 16.13.0

Related