4 matches found
CVE-2021-28965
The CVE-2021-28965 issue concerns the Ruby REXML library: specifically the REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1. The root cause is improper handling of XML round-trips, which can produce an incorrect XML document after parsing and serializing. Seve...
CVE-2021-31810
CVE-2021-31810 affects Ruby up to 2.6.7, 2.7.x up to 2.7.3, and 3.x up to 3.0.1. A malicious FTP server can abuse the PASV response to persuade Net::FTP to connect to an attacker-specified IP/port, enabling potential information disclosure about private services (e.g., port scans and service bann...
CVE-2021-32066
CVE-2021-32066 affects Ruby up to 3.0.1 where Net::IMAP does not raise an exception when StartTLS fails with an unknown response, enabling potential MITM StartTLS stripping. Connected advisories confirm the issue and list affected Ruby versions (2.6.x–3.0.x) and that fixes are provided in newer R...
CVE-2021-28966
CVE-2021-28966 affects Ruby up to 3.0 on Windows. A remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir, enabling path-related manipulation. Root cause: how TmpDir parameter is processed in web contexts (no details beyond this in the provided documents...