CVE-2021-41817 - log

CVE-2021-41817 edited at 24 Nov 2021 17:26:44
Description
- In the Ruby "date" gem before versions 3.2.1, 3.1.2, 3.0.2, and 2.0.1, there is a regular expression denial of service vulnerability (ReDoS) on date parsing methods. An attacker can exploit this vulnerability to cause an effective denial of service attack.
+ A security issue has been found in Ruby before versions 3.0.3, 2.7.5 and 2.6.9. In the Ruby "date" gem before versions 3.2.1, 3.1.2, 3.0.2, and 2.0.1, there is a regular expression denial of service vulnerability (ReDoS) on date parsing methods. An attacker can exploit this vulnerability to cause an effective denial of service attack.
References
https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/
+ https://www.ruby-lang.org/en/news/2021/11/24/ruby-3-0-3-released/
+ https://www.ruby-lang.org/en/news/2021/11/24/ruby-2-7-5-released/
+ https://www.ruby-lang.org/en/news/2021/11/24/ruby-2-6-9-released/
https://github.com/ruby/date/commit/3959accef8da5c128f8a8e2fd54e932a4fb253b0
CVE-2021-41817 edited at 24 Nov 2021 17:20:14
References
https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/
+ https://github.com/ruby/date/commit/3959accef8da5c128f8a8e2fd54e932a4fb253b0
CVE-2021-41817 edited at 15 Nov 2021 10:30:12
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ In the Ruby "date" gem before versions 3.2.1, 3.1.2, 3.0.2, and 2.0.1, there is a regular expression denial of service vulnerability (ReDoS) on date parsing methods. An attacker can exploit this vulnerability to cause an effective denial of service attack.
References
+ https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/
Notes
CVE-2021-41817 created at 15 Nov 2021 10:28:14