Lucene search
K

4 matches found

CVE
CVE
added 2021/04/21 6:55 a.m.420 views

CVE-2021-28965

The CVE-2021-28965 issue concerns the Ruby REXML library: specifically the REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1. The root cause is improper handling of XML round-trips, which can produce an incorrect XML document after parsing and serializing. Seve...

7.5CVSS7.6AI score0.05061EPSS
CVE
CVE
added 2021/07/13 12:0 a.m.359 views

CVE-2021-31810

CVE-2021-31810 affects Ruby up to 2.6.7, 2.7.x up to 2.7.3, and 3.x up to 3.0.1. A malicious FTP server can abuse the PASV response to persuade Net::FTP to connect to an attacker-specified IP/port, enabling potential information disclosure about private services (e.g., port scans and service bann...

5.8CVSS6.3AI score0.0305EPSS
CVE
CVE
added 2021/08/01 12:0 a.m.345 views

CVE-2021-32066

CVE-2021-32066 affects Ruby up to 3.0.1 where Net::IMAP does not raise an exception when StartTLS fails with an unknown response, enabling potential MITM StartTLS stripping. Connected advisories confirm the issue and list affected Ruby versions (2.6.x–3.0.x) and that fixes are provided in newer R...

7.4CVSS7.3AI score0.02909EPSS
CVE
CVE
added 2021/07/27 4:1 p.m.138 views

CVE-2021-28966

CVE-2021-28966 affects Ruby up to 3.0 on Windows. A remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir, enabling path-related manipulation. Root cause: how TmpDir parameter is processed in web contexts (no details beyond this in the provided documents...

7.5CVSS7.3AI score0.58039EPSS