CVE-2021-32066

Severity: High
Remote: Yes
Type: Silent downgrade

A security issue has been discovered in Ruby before versions 3.0.2, 2.7.4 and 2.6.8. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a “StartTLS stripping attack”.
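
The failure mode described above, as an added example (a simplified model, not code from Ruby's Net::IMAP or its fix). All method names and the sample replies are hypothetical and constructed for illustration; it contrasts a STARTTLS handler that ignores an unknown reply with one that fails closed.

```ruby
# Added illustration; names and sample data are hypothetical.
class StartTLSRefused < StandardError; end

# Split one IMAP reply line into [tag, status]; status is nil unless the
# second word is a recognised status (OK, NO, BAD).
def parse_reply(line)
  tag, word = line.to_s.strip.split(" ", 3)
  status = word.to_s.upcase
  [tag, %w[OK NO BAD].include?(status) ? status : nil]
end

# Pattern matching the CVE text: OK upgrades, NO/BAD raise, but an unknown
# reply raises nothing, so the session silently stays in plaintext.
def lenient_starttls(tag, line)
  reply_tag, status = parse_reply(line)
  if reply_tag == tag
    return :tls if status == "OK"
    raise StartTLSRefused, line if status # NO or BAD
  end
  :plaintext # caller would go on to send credentials unencrypted
end

# Fail-closed pattern: only a matching tagged OK continues the session.
def strict_starttls(tag, line)
  reply_tag, status = parse_reply(line)
  return :tls if reply_tag == tag && status == "OK"
  raise StartTLSRefused, "STARTTLS not confirmed: #{line.inspect}"
end

# Constructed replies to the client command "A001 STARTTLS".
CONSTRUCTED_REPLIES = {
  ok:      "A001 OK Begin TLS negotiation now",
  no:      "A001 NO TLS not available",
  unknown: "A001 XYZZY unexpected", # unknown response
  empty:   ""                       # reply blocked or blanked in transit
}.freeze

# Run every constructed reply through a handler and record the outcome.
def run_all(handler)
  CONSTRUCTED_REPLIES.transform_values do |line|
    begin
      send(handler, "A001", line)
    rescue StartTLSRefused
      :aborted
    end
  end
end
```

Independent of the library version, a client can also check that the socket is actually a TLS socket before sending credentials.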
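
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2141 | logstash | 7.10.2-1 | | High | Not affected | |
| AVG-2140 | ruby2.6 | 2.6.7-1 | 2.6.8-1 | High | Fixed | |
| AVG-2139 | ruby2.7 | 2.7.3-1 | 2.7.4-1 | High | Fixed | |
| AVG-2138 | ruby | 3.0.1-1 | 3.0.2-1 | High | Fixed | |
| AVG-1906 | jruby | | | High | Fixed | |
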
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 14 Jul 2021 | ASA-202107-25 | AVG-2140 | ruby2.6 | High | multiple issues |
| 14 Jul 2021 | ASA-202107-24 | AVG-2139 | ruby2.7 | High | multiple issues |
| 14 Jul 2021 | ASA-202107-23 | AVG-2138 | ruby | High | multiple issues |