Showing 1 - 12 of 12

CVE-2021-31810

Status Candidate

Overview

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).

Related Files

Gentoo Linux Security Advisory 202401-27: Posted Jan 24, 2024; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202401-27 - Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code. Multiple versions are affected.; tags | advisory, arbitrary, vulnerability, ruby; systems | linux, gentoo; advisories | CVE-2020-25613, CVE-2021-31810, CVE-2021-32066, CVE-2021-33621, CVE-2021-41816, CVE-2021-41817, CVE-2021-41819, CVE-2022-28738, CVE-2022-28739, CVE-2023-28755, CVE-2023-28756; SHA-256 | 94bd32b96511589b4ae3eae1e1b96022fbaeeb99eb332b00a775c863282498ba; Download | Favorite | View

Red Hat Security Advisory 2022-0708-01: Posted Mar 1, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-0708-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, denial of service, and spoofing vulnerabilities.; tags | advisory, denial of service, spoof, vulnerability, code execution, ruby; systems | linux, redhat; advisories | CVE-2020-36327, CVE-2021-31799, CVE-2021-31810, CVE-2021-32066, CVE-2021-41817, CVE-2021-41819; SHA-256 | f83547ba4736bf0787d355efe1d9f8bfeb8c4feba15c83208f06fc61783cd7d3; Download | Favorite | View

Debian Security Advisory 5066-1: Posted Feb 28, 2022; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5066-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language and the Rubygems included, which may result on result in XML roundtrip attacks, the execution of arbitrary code, information disclosure, StartTLS stripping in IMAP or denial of service.; tags | advisory, denial of service, arbitrary, vulnerability, imap, info disclosure, ruby; systems | linux, debian; advisories | CVE-2021-28965, CVE-2021-31799, CVE-2021-31810, CVE-2021-32066, CVE-2021-41817, CVE-2021-41819; SHA-256 | 06fe6a239e4a0b70fe9ff726baf6486b9f36b1ff6318001480327005363f19d9; Download | Favorite | View

Red Hat Security Advisory 2022-0672-01: Posted Feb 25, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-0672-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.; tags | advisory, code execution, ruby; systems | linux, redhat; advisories | CVE-2021-31799, CVE-2021-31810, CVE-2021-32066; SHA-256 | 75b83c280fe30dd26b2d514ba311d51c918989f7bf0b43fc25fb89e588c8f1f0; Download | Favorite | View

Red Hat Security Advisory 2022-0582-01: Posted Feb 21, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-0582-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, code execution, denial of service, information leakage, and spoofing vulnerabilities.; tags | advisory, web, denial of service, spoof, vulnerability, code execution, ruby; systems | linux, redhat; advisories | CVE-2019-15845, CVE-2019-16201, CVE-2019-16254, CVE-2019-16255, CVE-2020-10663, CVE-2020-10933, CVE-2020-25613, CVE-2020-36327, CVE-2021-28965, CVE-2021-31799, CVE-2021-31810, CVE-2021-32066, CVE-2021-41817, CVE-2021-41819; SHA-256 | 28f434c8a7e0c5a9a457c78e1d0a72539ecb56d9a3673853dd0aa3595f619eda; Download | Favorite | View

Red Hat Security Advisory 2022-0581-01: Posted Feb 21, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-0581-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, code execution, denial of service, information leakage, and spoofing vulnerabilities.; tags | advisory, web, denial of service, spoof, vulnerability, code execution, ruby; systems | linux, redhat; advisories | CVE-2019-15845, CVE-2019-16201, CVE-2019-16254, CVE-2019-16255, CVE-2020-10663, CVE-2020-10933, CVE-2020-25613, CVE-2020-36327, CVE-2021-28965, CVE-2021-31799, CVE-2021-31810, CVE-2021-32066, CVE-2021-41817, CVE-2021-41819; SHA-256 | 8bd21cf01e10e7a947db8efca057a501595b8383a816b9f497a90e17a13ebc45; Download | Favorite | View

Red Hat Security Advisory 2022-0544-01: Posted Feb 17, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-0544-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, denial of service, and spoofing vulnerabilities.; tags | advisory, denial of service, spoof, vulnerability, code execution, ruby; systems | linux, redhat; advisories | CVE-2020-36327, CVE-2021-31799, CVE-2021-31810, CVE-2021-32066, CVE-2021-41817, CVE-2021-41819; SHA-256 | ceb41e93f7a4f1064aec7c5b8bc73d5be2c606f6aff3d1f38923815c8a60f0aa; Download | Favorite | View

Red Hat Security Advisory 2022-0543-01: Posted Feb 17, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-0543-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, denial of service, and spoofing vulnerabilities.; tags | advisory, denial of service, spoof, vulnerability, code execution, ruby; systems | linux, redhat; advisories | CVE-2020-36327, CVE-2021-31799, CVE-2021-31810, CVE-2021-32066, CVE-2021-41817, CVE-2021-41819; SHA-256 | dfdba266365e044f1046b80b1a63a79d7490623a6a4906cec8a75fe7353d9087; Download | Favorite | View

Red Hat Security Advisory 2021-3982-01: Posted Oct 26, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-3982-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.; tags | advisory, code execution, ruby; systems | linux, redhat; advisories | CVE-2020-36327, CVE-2021-31799, CVE-2021-31810, CVE-2021-32066; SHA-256 | ae1df85e29296081ae5c37d1d0290ca751c28339cafb9442d23a2dd976a9dbe0; Download | Favorite | View

Red Hat Security Advisory 2021-3559-01: Posted Sep 20, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-3559-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.; tags | advisory, code execution, ruby; systems | linux, redhat; advisories | CVE-2020-36327, CVE-2021-31799, CVE-2021-31810, CVE-2021-32066; SHA-256 | 3bcafc3afe5aa4e9f4251126406b75530da9675dfa4bf6acc6bf586fe9b6c45e; Download | Favorite | View

Red Hat Security Advisory 2021-3020-01: Posted Aug 6, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-3020-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.; tags | advisory, code execution, ruby; systems | linux, redhat; advisories | CVE-2020-36327, CVE-2021-31799, CVE-2021-31810, CVE-2021-32066; SHA-256 | c6cc28a413af73329b50f0bed720bee159e0591e4902a6b5eb92fb5b4a5fa1ba; Download | Favorite | View

Ubuntu Security Notice USN-5020-1: Posted Jul 21, 2021; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5020-1 - It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to conduct port scans and service banner extractions. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. Various other issues were also addressed.; tags | advisory, arbitrary, ruby; systems | linux, ubuntu; advisories | CVE-2021-31799, CVE-2021-31810, CVE-2021-32066; SHA-256 | ef2211358578c8a48450c1d52656dc5137ab6ffad837d9d5b87e19b92ac24d05; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 235 files
Ubuntu 50 files
Debian 19 files
LiquidWorm 15 files
Apple 9 files
Gentoo 5 files
Google Security Research 3 files
Alter Prime 3 files
Pierre Kim 2 files
Jann Horn 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,945)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,337)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,987)
UNIX (9,475)
UnixWare (188)
Windows (6,784)
Other

CVE-2021-31810

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems