CVE-2021-41817 – ruby: Regular expression denial of service vulnerability of Date parsing methods
https://notcve.org/view.php?id=CVE-2021-41817
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. Date.parse en date gem versiones hasta 3.2.0 para Ruby, permite ReDoS (expresión regular de denegación de servicio) por medio de una cadena larga. Las versiones corregidas son 3.2.1, 3.1.2, 3.0.2 y 2.0.1. A flaw was found in ruby, where the date object was found to be vulnerable to a regular expression denial of service (ReDoS) during the parsing of dates. • https://hackerone.com/reports/1254844 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF https://security.gentoo.org/glsa/202401-27 https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817 https://access.redhat.com/security/cve/CVE-2021-41817 https://bugzilla.redhat.com/show_bug. • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
CVE-2021-41819 – ruby: Cookie prefix spoofing in CGI::Cookie.parse
https://notcve.org/view.php?id=CVE-2021-41819
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. CGI::Cookie.parse en Ruby versiones hasta 2.6.8, maneja inapropiadamente los prefijos de seguridad en los nombres de las cookies. Esto también afecta a CGI gem versiones hasta 0.3.0 para Ruby. A flaw was found in Ruby. • https://hackerone.com/reports/910552 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF https://security.gentoo.org/glsa/202401-27 https://security.netapp.com/advisory/ntap-20220121-0003 https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819 https://access.redhat.com/se • CWE-565: Reliance on Cookies without Validation and Integrity Checking •
CVE-2021-28966
https://notcve.org/view.php?id=CVE-2021-28966
In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir. En Ruby versiones hasta 3.0 en Windows, un atacante remoto puede enviar una ruta diseñada cuando una aplicación web maneja un parámetro con TmpDir • https://hackerone.com/reports/1131465 https://security.netapp.com/advisory/ntap-20210902-0004 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2021-31799 – rubygem-rdoc: Command injection vulnerability in RDoc
https://notcve.org/view.php?id=CVE-2021-31799
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename. En RDoc versiones 3.11 hasta 6.x versiones anteriores a 6.3.1, como se distribuye con Ruby versiones hasta 3.0.1, es posible ejecutar código arbitrario por medio de | y etiquetas en un nombre de archivo An operating system command injection flaw was found in RDoc. Using the rdoc command to generate documentation for a malicious Ruby source code could lead to execution of arbitrary commands with the privileges of the user running rdoc. • https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html https://security-tracker.debian.org/tracker/CVE-2021-31799 https://security.gentoo.org/glsa/202401-05 https://security.netapp.com/advisory/ntap-20210902-0004 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc https://access.redhat.com/security/cve/CVE-2021-31799 https://bugzilla.redhat.com/show_bug.cgi?id=1980132 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-32066 – ruby: StartTLS stripping vulnerability in Net::IMAP
https://notcve.org/view.php?id=CVE-2021-32066
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." Se ha detectado un problema en Ruby versiones hasta 2.6.7, versiones 2.7.x hasta 2.7.3, y versiones 3.x hasta 3.0.1. Net::IMAP no lanza una excepción cuando StartTLS falla con una respuesta desconocida, lo que podría permitir a atacantes tipo man-in-the-middle omitir las protecciones TLS, al aprovechar una posición de red entre el cliente y el registro para bloquear el comando StartTLS, también se conoce como "StartTLS stripping attack" Ruby's Net::IMAP module did not raise an exception when receiving an unexpected response to the STARTTLS command and the connection was not upgraded to use TLS. A man-in-the-middle attacker could use this flaw to prevent Ruby applications using Net::IMAP to enable TLS encryption for a connection to an IMAP server and subsequently eavesdrop on or modify data sent over the plain text connection. • https://github.com/ruby/ruby/commit/a21a3b7d23704a01d34bd79d09dc37897e00922a https://hackerone.com/reports/1178562 https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html https://security.gentoo.org/glsa/202401-27 https://security.netapp.com/advisory/ntap-20210902-0004 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap https://acces • CWE-319: Cleartext Transmission of Sensitive Information CWE-755: Improper Handling of Exceptional Conditions •