Lucene search

K
redhatRedHatRHSA-2021:3020
HistoryAug 05, 2021 - 2:06 p.m.

(RHSA-2021:3020) Important: ruby:2.7 security update

2021-08-0514:06:16
access.redhat.com
82

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

83.0%

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

  • rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327)

  • rubygem-rdoc: Command injection vulnerability in RDoc (CVE-2021-31799)

  • ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host (CVE-2021-31810)

  • ruby: StartTLS stripping vulnerability in Net::IMAP (CVE-2021-32066)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanys390xrubygem-bson< 4.8.1-1.module+el8.3.0+7192+4e3a532arubygem-bson-4.8.1-1.module+el8.3.0+7192+4e3a532a.s390x.rpm
RedHatanyx86_64rubygem-pg-debugsource< 1.2.3-1.module+el8.3.0+7192+4e3a532arubygem-pg-debugsource-1.2.3-1.module+el8.3.0+7192+4e3a532a.x86_64.rpm
RedHatanyx86_64rubygem-openssl-debuginfo< 2.1.2-137.module+el8.4.0+12025+f744ca41rubygem-openssl-debuginfo-2.1.2-137.module+el8.4.0+12025+f744ca41.x86_64.rpm
RedHatanynoarchrubygem-bson-doc< 4.8.1-1.module+el8.3.0+7192+4e3a532arubygem-bson-doc-4.8.1-1.module+el8.3.0+7192+4e3a532a.noarch.rpm
RedHatanynoarchrubygem-net-telnet< 0.2.0-137.module+el8.4.0+12025+f744ca41rubygem-net-telnet-0.2.0-137.module+el8.4.0+12025+f744ca41.noarch.rpm
RedHatanyaarch64ruby-libs-debuginfo< 2.7.4-137.module+el8.4.0+12025+f744ca41ruby-libs-debuginfo-2.7.4-137.module+el8.4.0+12025+f744ca41.aarch64.rpm
RedHatanyppc64lerubygem-io-console-debuginfo< 0.5.6-137.module+el8.4.0+12025+f744ca41rubygem-io-console-debuginfo-0.5.6-137.module+el8.4.0+12025+f744ca41.ppc64le.rpm
RedHatanyppc64lerubygem-openssl-debuginfo< 2.1.2-137.module+el8.4.0+12025+f744ca41rubygem-openssl-debuginfo-2.1.2-137.module+el8.4.0+12025+f744ca41.ppc64le.rpm
RedHatanynoarchruby-default-gems< 2.7.4-137.module+el8.4.0+12025+f744ca41ruby-default-gems-2.7.4-137.module+el8.4.0+12025+f744ca41.noarch.rpm
RedHatanys390xrubygem-bson-debuginfo< 4.8.1-1.module+el8.3.0+7192+4e3a532arubygem-bson-debuginfo-4.8.1-1.module+el8.3.0+7192+4e3a532a.s390x.rpm
Rows per page:
1-10 of 1361

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

83.0%