CVE-2021-31810
CVE-2021-31810 affects Ruby up to 2.6.7, 2.7.x up to 2.7.3, and 3.x up to 3.0.1. A malicious FTP server can abuse the PASV response to persuade Net::FTP to connect to an attacker-specified IP/port, enabling potential information disclosure about private services (e.g., port scans and service bann...
CVE-2021-32066
CVE-2021-32066 affects Ruby up to 3.0.1, where Net::IMAP does not raise an exception when StartTLS fails with an unknown response, enabling potential MITM StartTLS stripping. Connected advisories confirm the issue and list affected Ruby versions (2.6.x–3.0.x) and that fixes are provided in newer R...