FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Ruby -- multiple vulnerabilities

Affected packages
ruby26 < 2.6.8,1
ruby < 2.7.4,1
ruby30 < 3.0.2,1

Details

VuXML ID 7ed5779c-e4c7-11eb-91d7-08002728f74c
Discovery 2021-07-07
Entry 2021-07-14

Ruby news:

This release includes security fixes. Please check the topics below for details.

CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP

CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP

CVE-2021-31799: A command injection vulnerability in RDoc

References

CVE Name CVE-2021-31799
CVE Name CVE-2021-31810
CVE Name CVE-2021-32066
URL https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/
URL https://www.ruby-lang.org/en/news/2021/07/07/ruby-2-6-8-released/
URL https://www.ruby-lang.org/en/news/2021/07/07/ruby-2-7-4-released/
URL https://www.ruby-lang.org/en/news/2021/07/07/ruby-3-0-2-released/
URL https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/
URL https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/