CVE-2021-31810
Source | |
Severity | Medium |
Remote | Yes |
Type | Information disclosure |
Description | A security issue has been discovered in Ruby before versions 3.0.2, 2.7.4 and 2.6.8. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes Net::FTP extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions). |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-2141 | logstash | 7.10.2-1 | | High | Not affected | |
AVG-2140 | ruby2.6 | 2.6.7-1 | 2.6.8-1 | High | Fixed | |
AVG-2139 | ruby2.7 | 2.7.3-1 | 2.7.4-1 | High | Fixed | |
AVG-2138 | ruby | 3.0.1-1 | 3.0.2-1 | High | Fixed | |
AVG-1906 | jruby | 9.2.19.0-1 | 9.3.0.0-1 | High | Fixed | |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
14 Jul 2021 | ASA-202107-25 | AVG-2140 | ruby2.6 | High | multiple issues |
14 Jul 2021 | ASA-202107-24 | AVG-2139 | ruby2.7 | High | multiple issues |
14 Jul 2021 | ASA-202107-23 | AVG-2138 | ruby | High | multiple issues |