CVE-2021-32066
Severity | High |
Remote | Yes |
Type | Silent downgrade |
Description | A security issue has been discovered in Ruby before versions 3.0.2, 2.7.4 and 2.6.8. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a “StartTLS stripping attack”. |

Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-2141 | logstash | 7.10.2-1 | | High | Not affected | |
AVG-2140 | ruby2.6 | 2.6.7-1 | 2.6.8-1 | High | Fixed | |
AVG-2139 | ruby2.7 | 2.7.3-1 | 2.7.4-1 | High | Fixed | |
AVG-2138 | ruby | 3.0.1-1 | 3.0.2-1 | High | Fixed | |
AVG-1906 | jruby | 9.2.19.0-1 | 9.3.0.0-1 | High | Fixed | |

Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
14 Jul 2021 | ASA-202107-25 | AVG-2140 | ruby2.6 | High | multiple issues |
14 Jul 2021 | ASA-202107-24 | AVG-2139 | ruby2.7 | High | multiple issues |
14 Jul 2021 | ASA-202107-23 | AVG-2138 | ruby | High | multiple issues |