CVE-2021-41817 (GCVE-0-2021-41817)
Vulnerability from cvelistv5 – Published: 2022-01-01 00:00 – Updated: 2024-08-04 03:22 – n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:24.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1254844"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/"
},
{
"name": "FEDORA-2022-82a9edac27",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/"
},
{
"name": "FEDORA-2022-8cf0124add",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/"
},
{
"name": "GLSA-202401-27",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-27"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-24T05:06:33.551Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://hackerone.com/reports/1254844"
},
{
"url": "https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/"
},
{
"name": "FEDORA-2022-82a9edac27",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/"
},
{
"name": "FEDORA-2022-8cf0124add",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/"
},
{
"name": "GLSA-202401-27",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202401-27"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41817",
"datePublished": "2022-01-01T00:00:00.000Z",
"dateReserved": "2021-09-29T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:22:24.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41817
Vulnerability from osv_almalinux
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
The following packages have been upgraded to a later upstream version: ruby (3.0.4). (BZ#2109431)
Security Fix(es):
- ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817)
- ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819)
- Ruby: Double free in Regexp compilation (CVE-2022-28738)
- Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- ruby 3.0: User-installed rubygems plugins are not being loaded [AlmaLinux8] (BZ#2110981)
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.4-141.module_el8.6.0+3263+41cde0c0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby-default-gems"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.4-141.module_el8.6.0+3263+41cde0c0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.4-141.module_el8.6.0+3263+41cde0c0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.4-141.module_el8.6.0+3263+41cde0c0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.4-141.module_el8.6.0+3263+41cde0c0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-abrt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.0-1.module_el8.5.0+2595+0c654ebc"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-abrt-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.0-1.module_el8.5.0+2595+0c654ebc"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-bigdecimal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.0-141.module_el8.6.0+3263+41cde0c0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-bundler"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.33-141.module_el8.6.0+3263+41cde0c0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-io-console"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.7-141.module_el8.6.0+3263+41cde0c0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-irb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.5-141.module_el8.6.0+3263+41cde0c0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-json"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.1-141.module_el8.6.0+3263+41cde0c0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-minitest"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.2-141.module_el8.6.0+3263+41cde0c0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-mysql2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.3-1.module_el8.5.0+2595+0c654ebc"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-mysql2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.3-1.module_el8.6.0+3144+d138acf1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-mysql2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.3-1.module_el8.5.0+118+1ab773e1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-mysql2-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.3-1.module_el8.5.0+2595+0c654ebc"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-pg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.3-1.module_el8.5.0+2595+0c654ebc"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-pg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.3-1.module_el8.5.0+118+1ab773e1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-pg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.3-1.module_el8.6.0+3144+d138acf1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-pg-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.3-1.module_el8.5.0+2595+0c654ebc"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-power_assert"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.0-141.module_el8.6.0+3263+41cde0c0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-psych"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.2-141.module_el8.6.0+3263+41cde0c0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-rake"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.0.3-141.module_el8.6.0+3263+41cde0c0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-rbs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.0-141.module_el8.6.0+3263+41cde0c0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-rdoc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.3.3-141.module_el8.6.0+3263+41cde0c0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-rexml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.5-141.module_el8.6.0+3263+41cde0c0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-rss"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.9-141.module_el8.6.0+3263+41cde0c0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-test-unit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.7-141.module_el8.6.0+3263+41cde0c0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-typeprof"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.15.2-141.module_el8.6.0+3263+41cde0c0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygems"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.33-141.module_el8.6.0+3263+41cde0c0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygems-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.33-141.module_el8.6.0+3263+41cde0c0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.\n\nThe following packages have been upgraded to a later upstream version: ruby (3.0.4). (BZ#2109431)\n\nSecurity Fix(es):\n\n* ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817)\n* ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819)\n* Ruby: Double free in Regexp compilation (CVE-2022-28738)\n* Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* ruby 3.0: User-installed rubygems plugins are not being loaded [AlmaLinux8] (BZ#2110981)",
"id": "ALSA-2022:6450",
"modified": "2023-03-13T16:35:35Z",
"published": "2022-09-13T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:6450"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-41817"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-41819"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-28738"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-28739"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2025104"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2026757"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075685"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075687"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-6450.html"
}
],
"related": [
"CVE-2021-41817",
"CVE-2021-41819",
"CVE-2022-28738",
"CVE-2022-28739"
],
"summary": "Moderate: ruby:3.0 security, bug fix, and enhancement update"
}
CVE-2021-41817
Vulnerability from osv_almalinux
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Security Fix(es):
- ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817)
- ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.9-110.module_el8.6.0+3074+4b08f9d4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.9-110.module_el8.6.0+3074+4b08f9d4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.9-110.module_el8.6.0+3074+4b08f9d4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby-irb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.9-110.module_el8.6.0+3074+4b08f9d4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.9-110.module_el8.6.0+3074+4b08f9d4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-abrt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.0-4.module_el8.5.0+2625+ec418553"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-abrt-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.0-4.module_el8.5.0+2625+ec418553"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-bigdecimal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.4-110.module_el8.6.0+3074+4b08f9d4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-bson"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.3.0-2.module_el8.5.0+2625+ec418553"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-bson"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.3.0-2.module_el8.5.0+259+8cec6917"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-bson-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.3.0-2.module_el8.5.0+2625+ec418553"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-bundler"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.1-4.module_el8.5.0+2625+ec418553"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-bundler-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.1-4.module_el8.5.0+2625+ec418553"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-did_you_mean"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.0-110.module_el8.6.0+3074+4b08f9d4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-io-console"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.6-110.module_el8.6.0+3074+4b08f9d4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-json"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.0-110.module_el8.6.0+3074+4b08f9d4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-minitest"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.10.3-110.module_el8.6.0+3074+4b08f9d4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-mongo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.1-2.module_el8.5.0+2625+ec418553"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-mongo-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.1-2.module_el8.5.0+2625+ec418553"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-mysql2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.10-4.module_el8.5.0+259+8cec6917"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-mysql2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.10-4.module_el8.5.0+2625+ec418553"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-mysql2-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.10-4.module_el8.5.0+2625+ec418553"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-net-telnet"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.1.1-110.module_el8.6.0+3074+4b08f9d4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-openssl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.2-110.module_el8.6.0+3074+4b08f9d4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-pg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.0-2.module_el8.5.0+2625+ec418553"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-pg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.0-2.module_el8.5.0+259+8cec6917"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-pg-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.0-2.module_el8.5.0+2625+ec418553"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-power_assert"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.1-110.module_el8.6.0+3074+4b08f9d4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-psych"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.2-110.module_el8.6.0+3074+4b08f9d4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-rake"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.3.3-110.module_el8.6.0+3074+4b08f9d4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-rdoc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.1.1-110.module_el8.6.0+3074+4b08f9d4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-test-unit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.7-110.module_el8.6.0+3074+4b08f9d4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-xmlrpc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.0-110.module_el8.6.0+3074+4b08f9d4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygems"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.6.3-110.module_el8.6.0+3074+4b08f9d4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygems-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.6.3-110.module_el8.6.0+3074+4b08f9d4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.\nSecurity Fix(es):\n* ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817)\n* ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:5779",
"modified": "2023-03-13T16:35:20Z",
"published": "2022-08-01T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:5779"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-41817"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-41819"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2025104"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2026757"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-5779.html"
}
],
"related": [
"CVE-2021-41817",
"CVE-2021-41819"
],
"summary": "Moderate: ruby:2.5 security update"
}
CVE-2021-41817
Vulnerability from osv_almalinux
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Security Fix(es):
- rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327)
- rubygem-rdoc: Command injection vulnerability in RDoc (CVE-2021-31799)
- ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host (CVE-2021-31810)
- ruby: StartTLS stripping vulnerability in Net::IMAP (CVE-2021-32066)
- ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817)
- ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.9-108.module_el8.5.0+250+ba22dbf7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.9-108.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.9-108.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.9-108.module_el8.5.0+250+ba22dbf7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.9-108.module_el8.5.0+250+ba22dbf7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.9-108.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.9-108.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.9-108.module_el8.5.0+250+ba22dbf7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-abrt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.0-4.module_el8.5.0+259+8cec6917"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-abrt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.0-4.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-abrt-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.0-4.module_el8.5.0+259+8cec6917"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-abrt-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.0-4.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-bigdecimal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.1-108.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-bigdecimal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.1-108.module_el8.5.0+250+ba22dbf7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-bson"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.5.0-1.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-bson"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.5.0-1.module_el8.5.0+250+ba22dbf7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-bson-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.5.0-1.module_el8.5.0+250+ba22dbf7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-bson-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.5.0-1.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-bundler"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.17.2-108.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-bundler"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.17.2-108.module_el8.5.0+250+ba22dbf7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-did_you_mean"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.0-108.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-did_you_mean"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.0-108.module_el8.5.0+250+ba22dbf7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-io-console"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.7-108.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-io-console"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.7-108.module_el8.5.0+250+ba22dbf7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-irb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.0-108.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-irb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.0-108.module_el8.5.0+250+ba22dbf7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-json"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.0-108.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-json"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.0-108.module_el8.5.0+250+ba22dbf7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-minitest"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.11.3-108.module_el8.5.0+250+ba22dbf7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-minitest"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.11.3-108.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-mongo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.8.0-1.module_el8.5.0+250+ba22dbf7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-mongo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.8.0-1.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-mongo-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.8.0-1.module_el8.5.0+250+ba22dbf7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-mongo-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.8.0-1.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-mysql2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.2-1.module_el8.5.0+250+ba22dbf7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-mysql2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.2-1.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-mysql2-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.2-1.module_el8.5.0+250+ba22dbf7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-mysql2-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.2-1.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-net-telnet"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.0-108.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-net-telnet"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.0-108.module_el8.5.0+250+ba22dbf7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-openssl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.2-108.module_el8.5.0+250+ba22dbf7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-openssl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.2-108.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-pg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.4-1.module_el8.5.0+250+ba22dbf7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-pg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.4-1.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-pg-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.4-1.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-pg-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.4-1.module_el8.5.0+250+ba22dbf7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-power_assert"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.3-108.module_el8.5.0+250+ba22dbf7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-power_assert"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.3-108.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-psych"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.0-108.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-psych"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.0-108.module_el8.5.0+250+ba22dbf7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-rake"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.3.3-108.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-rake"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.3.3-108.module_el8.5.0+250+ba22dbf7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-rdoc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.1.2.1-108.module_el8.5.0+250+ba22dbf7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-rdoc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.1.2.1-108.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-test-unit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.9-108.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-test-unit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.9-108.module_el8.5.0+250+ba22dbf7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-xmlrpc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.0-108.module_el8.5.0+250+ba22dbf7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-xmlrpc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.0-108.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygems"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.3.1-108.module_el8.5.0+250+ba22dbf7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygems"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.3.1-108.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygems-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.3.1-108.module_el8.5.0+2623+08a8ba32"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygems-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.3.1-108.module_el8.5.0+250+ba22dbf7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.\n\nSecurity Fix(es):\n\n* rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327)\n\n* rubygem-rdoc: Command injection vulnerability in RDoc (CVE-2021-31799)\n\n* ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host (CVE-2021-31810)\n\n* ruby: StartTLS stripping vulnerability in Net::IMAP (CVE-2021-32066)\n\n* ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817)\n\n* ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:0543",
"modified": "2022-02-17T11:10:41Z",
"published": "2022-02-16T08:26:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-0543.html"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-36327"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-31799"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-31810"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-32066"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-41817"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-41819"
}
],
"related": [
"CVE-2020-36327",
"CVE-2021-31799",
"CVE-2021-31810",
"CVE-2021-32066",
"CVE-2021-41817",
"CVE-2021-41819"
],
"summary": "Important: ruby:2.6 security update"
}
CVE-2021-41817
Vulnerability from osv_almalinux
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
The following packages have been upgraded to a later upstream version: ruby (2.7.6). (BZ#2109424)
Security Fix(es):
- ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817)
- ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819)
- Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.6-138.module_el8.6.0+3263+904da987"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby-default-gems"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.6-138.module_el8.6.0+3263+904da987"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.6-138.module_el8.6.0+3263+904da987"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.6-138.module_el8.6.0+3263+904da987"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.6-138.module_el8.6.0+3263+904da987"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-abrt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.0-1.module_el8.5.0+2595+0c654ebc"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-abrt-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.0-1.module_el8.5.0+2595+0c654ebc"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-bigdecimal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.0-138.module_el8.6.0+3263+904da987"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-bson"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.8.1-1.module_el8.5.0+117+35d1289b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-bson"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.8.1-1.module_el8.6.0+3167+957ef55e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-bson"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.8.1-1.module_el8.4.0+2399+4e3a532a"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-bson"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.8.1-1.module_el8.3.0+6147+d0dfc1e4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-bson-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.8.1-1.module_el8.3.0+6147+d0dfc1e4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-bundler"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.24-138.module_el8.6.0+3263+904da987"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-io-console"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.6-138.module_el8.6.0+3263+904da987"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-irb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.6-138.module_el8.6.0+3263+904da987"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-json"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.0-138.module_el8.6.0+3263+904da987"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-minitest"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.13.0-138.module_el8.6.0+3263+904da987"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-mongo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.11.3-1.module_el8.3.0+6147+d0dfc1e4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-mongo-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.11.3-1.module_el8.3.0+6147+d0dfc1e4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-mysql2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.3-1.module_el8.4.0+2399+4e3a532a"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-mysql2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.3-1.module_el8.6.0+3167+957ef55e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-mysql2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.3-1.module_el8.5.0+2595+0c654ebc"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-mysql2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.3-1.module_el8.5.0+117+35d1289b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-mysql2-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.3-1.module_el8.5.0+2595+0c654ebc"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-net-telnet"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.0-138.module_el8.6.0+3263+904da987"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-openssl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.3-138.module_el8.6.0+3263+904da987"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-pg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.3-1.module_el8.5.0+2595+0c654ebc"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-pg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.3-1.module_el8.5.0+117+35d1289b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-pg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.3-1.module_el8.4.0+2399+4e3a532a"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-pg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.3-1.module_el8.6.0+3167+957ef55e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-pg-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.3-1.module_el8.5.0+2595+0c654ebc"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-power_assert"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.7-138.module_el8.6.0+3263+904da987"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-psych"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.0-138.module_el8.6.0+3263+904da987"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-rake"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.0.1-138.module_el8.6.0+3263+904da987"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-rdoc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.2.1.1-138.module_el8.6.0+3263+904da987"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-test-unit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.4-138.module_el8.6.0+3263+904da987"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-xmlrpc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.0-138.module_el8.6.0+3263+904da987"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygems"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.6-138.module_el8.6.0+3263+904da987"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygems-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.6-138.module_el8.6.0+3263+904da987"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.\n\nThe following packages have been upgraded to a later upstream version: ruby (2.7.6). (BZ#2109424)\n\nSecurity Fix(es):\n\n* ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817)\n* ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819)\n* Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:6447",
"modified": "2023-01-03T12:15:28Z",
"published": "2022-09-13T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:6447"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-41817"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-41819"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-28739"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2025104"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2026757"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2075687"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-6447.html"
}
],
"related": [
"CVE-2021-41817",
"CVE-2021-41819",
"CVE-2022-28739"
],
"summary": "Moderate: ruby:2.7 security, bug fix, and enhancement update"
}
GHSA-QG54-694P-WGPP
Vulnerability from github – Published: 2021-11-16 00:32 – Updated: 2024-01-24 19:18
Date’s parsing methods including Date.parse are using Regexps internally, some of which are vulnerable against regular expression denial of service. Applications and libraries that apply such methods to untrusted input may be affected.
The fix limits the input length up to 128 bytes by default instead of changing the regexps. This is because Date gem uses many Regexps and it is possible that there are still undiscovered vulnerable Regexps. For compatibility, it is allowed to remove the limitation by explicitly passing limit keywords as nil like Date.parse(str, limit: nil), but note that it may take a long time to parse.
Please update the date gem to version 3.2.1, 3.1.2, 3.0.2, and 2.0.1, or later. You can use gem update date to update it. If you are using bundler, please add gem "date", ">= 3.2.1" to your Gemfile. If you import date from the standard library rather than as a gem you should update your Ruby install to 3.0.3, 2.7.5, 2.6.9 or later.
Users unable to upgrade may consider using Date.strptime instead with a predefined date format:
Date.strptime('2001-02-20', '%Y-%m-%d')
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "date"
},
"ranges": [
{
"events": [
{
"introduced": "3.2.0"
},
{
"fixed": "3.2.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "date"
},
"ranges": [
{
"events": [
{
"introduced": "3.1.0"
},
{
"fixed": "3.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "date"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.0.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "date"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-41817"
],
"database_specific": {
"cwe_ids": [
"CWE-1333"
],
"github_reviewed": true,
"github_reviewed_at": "2021-11-16T00:15:43Z",
"nvd_published_at": "2022-01-01T05:15:00Z",
"severity": "HIGH"
},
"details": "Date\u2019s parsing methods including Date.parse are using Regexps internally, some of which are vulnerable against regular expression denial of service. Applications and libraries that apply such methods to untrusted input may be affected.\n\nThe fix limits the input length up to 128 bytes by default instead of changing the regexps. This is because Date gem uses many Regexps and it is possible that there are still undiscovered vulnerable Regexps. For compatibility, it is allowed to remove the limitation by explicitly passing limit keywords as nil like Date.parse(str, limit: nil), but note that it may take a long time to parse.\n\nPlease update the date gem to version 3.2.1, 3.1.2, 3.0.2, and 2.0.1, or later. You can use gem update date to update it. If you are using bundler, please add gem \"date\", \"\u003e= 3.2.1\" to your Gemfile. If you import `date` from the standard library rather than as a gem you should update your Ruby install to `3.0.3`, `2.7.5`, `2.6.9` or later.\n\nUsers unable to upgrade may consider using `Date.strptime` instead with a predefined date format\n```ruby\nDate.strptime(\u00272001-02-20\u0027, \u0027%Y-%m-%d\u0027)\n```",
"id": "GHSA-qg54-694p-wgpp",
"modified": "2024-01-24T19:18:37Z",
"published": "2021-11-16T00:32:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41817"
},
{
"type": "WEB",
"url": "https://github.com/ruby/date/commit/3959accef8da5c128f8a8e2fd54e932a4fb253b0"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1254844"
},
{
"type": "PACKAGE",
"url": "https://github.com/ruby/date"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/date/CVE-2021-41817.yml"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202401-27"
},
{
"type": "WEB",
"url": "https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Regular expression denial of service vulnerability (ReDoS) in date"
}
bit-ruby-2021-41817
Vulnerability from bitnami_vulndb
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "ruby",
"purl": "pkg:bitnami/ruby"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.9"
},
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.5"
},
{
"introduced": "3.0.0"
},
{
"fixed": "3.0.3"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2021-41817"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*"
],
"severity": "High"
},
"details": "Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.",
"id": "BIT-ruby-2021-41817",
"modified": "2025-04-03T14:40:37.652Z",
"published": "2024-03-06T11:04:47.613Z",
"references": [
{
"type": "WEB",
"url": "https://hackerone.com/reports/1254844"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202401-27"
},
{
"type": "WEB",
"url": "https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41817"
}
],
"schema_version": "1.5.0"
}
GSD-2021-41817
Vulnerability from gsd - Updated: 2021-11-15 00:00
{
"GSD": {
"alias": "CVE-2021-41817",
"description": "Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.",
"id": "GSD-2021-41817",
"references": [
"https://www.suse.com/security/cve/CVE-2021-41817.html",
"https://www.debian.org/security/2022/dsa-5066",
"https://www.debian.org/security/2022/dsa-5067",
"https://access.redhat.com/errata/RHSA-2022:0708",
"https://access.redhat.com/errata/RHSA-2022:0582",
"https://access.redhat.com/errata/RHSA-2022:0581",
"https://access.redhat.com/errata/RHSA-2022:0544",
"https://access.redhat.com/errata/RHSA-2022:0543",
"https://ubuntu.com/security/CVE-2021-41817",
"https://advisories.mageia.org/CVE-2021-41817.html",
"https://security.archlinux.org/CVE-2021-41817",
"https://linux.oracle.com/cve/CVE-2021-41817.html",
"https://access.redhat.com/errata/RHSA-2022:5779",
"https://access.redhat.com/errata/RHSA-2022:6447",
"https://access.redhat.com/errata/RHSA-2022:6450",
"https://access.redhat.com/errata/RHSA-2022:6855",
"https://access.redhat.com/errata/RHSA-2022:6856"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "date",
"purl": "pkg:gem/date"
}
}
],
"aliases": [
"CVE-2021-41817",
"GHSA-qg54-694p-wgpp"
],
"details": "Date\u0027s parsing methods including `Date.parse` are using Regexps internally, some of\nwhich are vulnerable against regular expression denial of service. Applications and\nlibraries that apply such methods to untrusted input may be affected.\n\nThe fix limits the input length up to 128 bytes by default instead of changing the\nregexps. This is because Date gem uses many Regexps and it is possible that there are\nstill undiscovered vulnerable Regexps. For compatibility, it is allowed to remove the\nlimitation by explicitly passing `limit` keywords as `nil` like\n`Date.parse(str, limit: nil)`, but note that it may take a long time to parse.\n\nPlease update the date gem to version 3.2.1, 3.1.2, 3.0.2, and 2.0.1, or later. You\ncan use `gem update date` to update it. If you are using bundler, please add\n`gem \"date\", \"\u003e= 3.2.1\"` to your `Gemfile`.",
"id": "GSD-2021-41817",
"modified": "2021-11-15T00:00:00.000Z",
"published": "2021-11-15T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 7.5,
"type": "CVSS_V3"
}
],
"summary": "Regular Expression Denial of Service Vulnerability of Date Parsing Methods"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1254844",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1254844"
},
{
"name": "https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/"
},
{
"name": "FEDORA-2022-82a9edac27",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/"
},
{
"name": "FEDORA-2022-8cf0124add",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/"
},
{
"name": "GLSA-202401-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202401-27"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2021-41817",
"cvss_v3": 7.5,
"date": "2021-11-15",
"description": "Date\u0027s parsing methods including `Date.parse` are using Regexps internally, some of\nwhich are vulnerable against regular expression denial of service. Applications and\nlibraries that apply such methods to untrusted input may be affected.\n\nThe fix limits the input length up to 128 bytes by default instead of changing the\nregexps. This is because Date gem uses many Regexps and it is possible that there are\nstill undiscovered vulnerable Regexps. For compatibility, it is allowed to remove the\nlimitation by explicitly passing `limit` keywords as `nil` like\n`Date.parse(str, limit: nil)`, but note that it may take a long time to parse.\n\nPlease update the date gem to version 3.2.1, 3.1.2, 3.0.2, and 2.0.1, or later. You\ncan use `gem update date` to update it. If you are using bundler, please add\n`gem \"date\", \"\u003e= 3.2.1\"` to your `Gemfile`.",
"gem": "date",
"ghsa": "qg54-694p-wgpp",
"patched_versions": [
"~\u003e 2.0.1",
"~\u003e 3.0.2",
"~\u003e 3.1.2",
"\u003e= 3.2.1"
],
"title": "Regular Expression Denial of Service Vulnerability of Date Parsing Methods",
"url": "https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c2.0.1||\u003e=3.0.0 \u003c3.0.2||\u003e=3.1.0 \u003c3.1.2||=3.2.0",
"affected_versions": "All versions before 2.0.1, all versions starting from 3.0.0 before 3.0.2, all versions starting from 3.1.0 before 3.1.2, version 3.2.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-1333",
"CWE-937"
],
"date": "2023-08-08",
"description": "Date includes a ReDoS vulnerability. ",
"fixed_versions": [
"2.0.1",
"3.0.2",
"3.1.2",
"3.2.1"
],
"identifier": "CVE-2021-41817",
"identifiers": [
"CVE-2021-41817",
"GHSA-qg54-694p-wgpp"
],
"not_impacted": "All versions starting from 2.0.1 before 3.0.0, all versions starting from 3.0.2 before 3.1.0, all versions starting from 3.1.2 before 3.2.0, all versions after 3.2.0",
"package_slug": "gem/date",
"pubdate": "2022-01-01",
"solution": "Upgrade to versions 2.0.1, 3.0.2, 3.1.2, 3.2.1 or above.",
"title": "Regular expression denial of service vulnerability (ReDoS) in date",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-41817",
"https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/",
"https://hackerone.com/reports/1254844",
"https://github.com/advisories/GHSA-qg54-694p-wgpp"
],
"uuid": "84a0ec8a-f939-4e52-b971-7c3688115bb9"
}
]
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ruby-lang:date:*:*:*:*:*:ruby:*:*",
"matchCriteriaId": "4F906DCD-2E20-4503-8D48-34A8DD858A62",
"versionEndExcluding": "2.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:date:*:*:*:*:*:ruby:*:*",
"matchCriteriaId": "553D1CED-8FDA-45B1-A1D9-866A915E581E",
"versionEndExcluding": "3.0.2",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:date:*:*:*:*:*:ruby:*:*",
"matchCriteriaId": "CD9C7701-F92C-476E-B833-C990410CDB55",
"versionEndExcluding": "3.1.2",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:date:3.2.0:*:*:*:*:ruby:*:*",
"matchCriteriaId": "243E15F0-8B4A-480E-8ECF-016D4D6611A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77EF3309-2FD3-469A-BAA2-D6425F259B27",
"versionEndExcluding": "2.6.9",
"versionStartIncluding": "2.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7B53365-0B48-4408-A4A7-9A3744F89F07",
"versionEndExcluding": "2.7.5",
"versionStartIncluding": "2.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4499575-33A0-47D7-A88B-0E6FD2340792",
"versionEndExcluding": "3.0.3",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*",
"matchCriteriaId": "749804DA-4B27-492A-9ABA-6BB562A6B3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC8B78D-1131-4F21-919D-8AC79A410FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1607628F-77A7-4C1F-98DF-0DC50AE8627D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E29492E1-43D8-43BF-94E3-26A762A66FAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1."
},
{
"lang": "es",
"value": "Date.parse en date gem versiones hasta 3.2.0 para Ruby, permite ReDoS (expresi\u00f3n regular de denegaci\u00f3n de servicio) por medio de una cadena larga. Las versiones corregidas son 3.2.1, 3.1.2, 3.0.2 y 2.0.1.\n"
}
],
"id": "CVE-2021-41817",
"lastModified": "2024-01-24T05:15:11.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-01T05:15:08.197",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/1254844"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202401-27"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
FKIE_CVE-2021-41817
Vulnerability from fkie_nvd - Published: 2022-01-01 05:15 - Updated: 2024-11-21 06:26

| Vendor | Product | Version |
|---|---|---|
| ruby-lang | date | * |
| ruby-lang | date | * |
| ruby-lang | date | * |
| ruby-lang | date | 3.2.0 |
| ruby-lang | ruby | * |
| ruby-lang | ruby | * |
| ruby-lang | ruby | * |
| redhat | software_collections | - |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| fedoraproject | fedora | 34 |
| fedoraproject | fedora | 35 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |
| suse | linux_enterprise | 12.0 |
| suse | linux_enterprise | 15.0 |
| opensuse | factory | - |
| opensuse | leap | 15.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ruby-lang:date:*:*:*:*:*:ruby:*:*",
"matchCriteriaId": "4F906DCD-2E20-4503-8D48-34A8DD858A62",
"versionEndExcluding": "2.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:date:*:*:*:*:*:ruby:*:*",
"matchCriteriaId": "553D1CED-8FDA-45B1-A1D9-866A915E581E",
"versionEndExcluding": "3.0.2",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:date:*:*:*:*:*:ruby:*:*",
"matchCriteriaId": "CD9C7701-F92C-476E-B833-C990410CDB55",
"versionEndExcluding": "3.1.2",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:date:3.2.0:*:*:*:*:ruby:*:*",
"matchCriteriaId": "243E15F0-8B4A-480E-8ECF-016D4D6611A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77EF3309-2FD3-469A-BAA2-D6425F259B27",
"versionEndExcluding": "2.6.9",
"versionStartIncluding": "2.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7B53365-0B48-4408-A4A7-9A3744F89F07",
"versionEndExcluding": "2.7.5",
"versionStartIncluding": "2.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4499575-33A0-47D7-A88B-0E6FD2340792",
"versionEndExcluding": "3.0.3",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*",
"matchCriteriaId": "749804DA-4B27-492A-9ABA-6BB562A6B3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC8B78D-1131-4F21-919D-8AC79A410FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1607628F-77A7-4C1F-98DF-0DC50AE8627D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E29492E1-43D8-43BF-94E3-26A762A66FAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1."
},
{
"lang": "es",
"value": "Date.parse en date gem versiones hasta 3.2.0 para Ruby, permite ReDoS (expresi\u00f3n regular de denegaci\u00f3n de servicio) por medio de una cadena larga. Las versiones corregidas son 3.2.1, 3.1.2, 3.0.2 y 2.0.1.\n"
}
],
"id": "CVE-2021-41817",
"lastModified": "2024-11-21T06:26:48.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-01T05:15:08.197",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/1254844"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202401-27"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/1254844"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202401-27"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-41817
Vulnerability from fstec - Published: 15.11.2021
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Yukihiro Matsumoto, et al., \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 10 (Debian GNU/Linux), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 11 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), \u043e\u0442 2.6.0 \u0434\u043e 2.6.9 (Mruby), \u043e\u0442 2.7.0 \u0434\u043e 2.7.5 (Mruby), \u043e\u0442 3.0.0 \u0434\u043e 3.0.3 (Mruby), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.4.3 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), - (\u0410\u041b\u042c\u0422 \u0421\u041f 10)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Ruby:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/\n\n\u0414\u043b\u044f Debian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2021-41817\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f ruby2.5 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.5.5-repack1-3.osnova4\n\n\u0414\u043b\u044f Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 ruby2.3 \u0434\u043e 2.3.3-1+deb9u11 
\u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0440\u0435\u043b\u0438\u0437 10): \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "15.11.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "14.09.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-05714",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-41817",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Debian GNU/Linux, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Mruby, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041b\u042c\u0422 \u0421\u041f 10",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c 
\u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.4.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u041b\u042c\u0422 \u0421\u041f 10 - ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0442\u043e\u0434\u043e\u0432 \u0440\u0430\u0437\u0431\u043e\u0440\u0430 \u0434\u0430\u0442\u044b \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f Ruby, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u043c \u0440\u0430\u0441\u0445\u043e\u0434\u043e\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0440\u0430\u0441\u0445\u043e\u0434 \u0440\u0435\u0441\u0443\u0440\u0441\u0430 (\u00ab\u0418\u0441\u0442\u043e\u0449\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u00bb) (CWE-400)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0442\u043e\u0434\u043e\u0432 \u0440\u0430\u0437\u0431\u043e\u0440\u0430 \u0434\u0430\u0442\u044b \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f Ruby \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u043c \u0440\u0430\u0441\u0445\u043e\u0434\u043e\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/ruby/date/commit/376c65942bd1d81803f14d37351737df60ec4664\nhttps://github.com/ruby/date/commit/3959accef8da5c128f8a8e2fd54e932a4fb253b0\nhttps://github.com/ruby/date/commit/8f2d7a0c7e52cea8333824bd527822e5449ed83d\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-41817\nhttps://security-tracker.debian.org/tracker/CVE-2021-41817\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47\nhttps://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.4.3/\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-400",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.