Description
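A malicious MySQL server can request the contents of local files from a client that uses ruby-mysql
prior to version 2.10.0, without explicit authorization from the user. This issue was resolved in
version 2.10.0; affected clients should be upgraded to 2.10.0 or later. Note that the URL of the
Rapid7 reference in the record below names CVE-2021-3779, whereas the record's "cvelist" field gives
2021-32740; confirm the identifier against the reference before using it for tracking or scanner matching.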
Affected Software
{"id": "RUBY:RUBY-MYSQL-2021-32740", "bulletinFamily": "software", "title": "ruby-mysql Client File Read", "description": "A malicious MySQL server can request local file content from a client using ruby-mysql prior to version\n2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and\nlater.\n", "published": "2022-06-28T00:00:00", "modified": "2022-06-28T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://rubysec.com/advisories/2021-32740/", "reporter": "RubySec", "references": ["https://www.rapid7.com/blog/post/2022/06/28/cve-2021-3779-ruby-mysql-gem-client-file-read-fixed/"], "cvelist": ["2021-32740"], "immutableFields": [], "type": "rubygems", "lastseen": "2022-07-12T21:59:32", "edition": 1, "viewCount": 2, "enchantments": {"score": {"value": 3.5, "vector": "NONE"}, "affected_software": {"major_version": [{"name": "ruby-mysql", "version": 2}]}, "vulnersScore": 3.5}, "_state": {"score": 1659865730, "dependencies": 1660017067, "affected_software_major_version": 1666695388}, "_internal": {"score_hash": "b49b5bc0fa7fcde3ca47154db7e49f52"}, "affectedSoftware": [{"name": "ruby-mysql", "operator": "lt", "version": "2.10.0"}]}
{}