---

CVE-2021-31810 - log back

CVE-2021-31810 edited at 07 Jul 2021 12:56:34
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Information disclosure
Description	+ A security issue has been discovered in Ruby before versions 3.0.2, 2.7.4 and 2.6.8. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes Net::FTP extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).
References	+ https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/ + https://hackerone.com/reports/1145454 + https://github.com/ruby/net-ftp/commit/5709ece67cf57a94655e34532f8a7899b28d496a
Notes

CVE-2021-31810 created at 07 Jul 2021 12:53:38