CVE-2021-31810 – ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host
https://notcve.org/view.php?id=CVE-2021-31810
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions). Se ha detectado un problema en Ruby versiones hasta 2.6.7, versiones 2.7.x hasta 2.7.3, y versiones 3.x hasta 3.0.1. Un servidor FTP malicioso puede usar la respuesta PASV para engañar a la función Net::FTP para que se conecte de nuevo a una dirección IP y un puerto determinados. • https://hackerone.com/reports/1145454 https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWXHK5UUHVSHF7HTHMX6JY3WXDVNIHSL https://security.gentoo.org/glsa/202401-27 https://security.netapp.com/advisory/ntap-20210917-0001 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.ruby-lang.org/en/news/2021/07/07/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-28965 – ruby: XML round-trip vulnerability in REXML
https://notcve.org/view.php?id=CVE-2021-28965
The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing. El REXML gem versiones anteriores a 3.2.5 en Ruby versiones anteriores a 2.6.7, versiones 2.7.x anteriores a 2.7.3 y versiones 3.x anteriores a 3.0.1, no aborda apropiadamente los problemas round-trip de XML. Puede ser producido un documento incorrecto después de analizarlo y serializarlo A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using REXML and writing parsed data back to a new XML document results in creating a document with a different structure. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTVFTLFVCSUE5CXHINJEUCKSHU4SWDMT https://security.netapp.com/advisory/ntap-20210528-0003 https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965 https://access.redhat.com/security/cve/CVE-2021-28965 https://bugzilla.redhat.com/show_bug.cgi?id=1947526 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2020-25613 – ruby: Potential HTTP request smuggling in WEBrick
https://notcve.org/view.php?id=CVE-2020-25613
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack. Se detectó un problema en Ruby versiones hasta 2.5.8, versiones 2.6.x hasta 2.6.6 y versiones 2.7.x hasta 2.7.1. WEBrick, un simple servidor HTTP integrado con Ruby, no había comprobado rigurosamente el valor del encabezado transfer-encoding. • https://github.com/metapox/CVE-2020-25613 https://github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7 https://hackerone.com/reports/965267 https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PFP3E7KXXT3H3KA6CBZPUOGA5VPFARRJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTZURYROG3FFED3TYCQOBV66BS4K6WOV https://security.gentoo.org/glsa/202401-27 https://sec • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2020-10933 – ruby: BasicSocket#read_nonblock method leads to information disclosure
https://notcve.org/view.php?id=CVE-2020-10933
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter. Se descubrió un problema en Ruby versiones 2.5.x hasta 2.5.7, versiones 2.6.x hasta 2.6.5, y versión 2.7.0. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5 https://security.netapp.com/advisory/ntap-20200625-0001 https://www.debian.org/security/2020/dsa-4721 https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933 https://access.redhat.com/security/cve/CVE-2020-10933 https://bugzilla.redhat.com/show_bug.cgi?id=1833291 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-908: Use of Uninitialized Resource •
CVE-2020-10663 – rubygem-json: Unsafe object creation vulnerability in JSON
https://notcve.org/view.php?id=CVE-2020-10663
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. La gema JSON versiones hasta 2.2.0 para Ruby, como es usado en Ruby versiones 2.4 hasta 2.4.9, versiones 2.5 hasta 2.5.7 y versiones 2.6 hasta 2.6.5, tiene una Vulnerabilidad de Creación de Objetos No Segura. Esto es bastante similar a CVE-2013-0269, pero no se basa en un comportamiento inapropiado garbage-collection dentro de Ruby. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html http://seclists.org/fulldisclosure/2020/Dec/32 https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b%40%3Cissues.zookeeper.apache.org%3E https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61%40%3Cissues.zookeeper.apache.org%3E https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d%40%3Cissues.zookeeper.apache.org%3E https://lists.apache.org/thread.html/r8d2e174230f6d26e16c0 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •