CVE-2021-32066
01.08.2021, 19:15
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| ruby-lang | ruby | 2.6.0 ≤ 𝑥 ≤ 2.6.7 |
| ruby-lang | ruby | 2.7.0 ≤ 𝑥 ≤ 2.7.3 |
| ruby-lang | ruby | 3.0.0 ≤ 𝑥 ≤ 3.0.1 |
| oracle | jd_edwards_enterpriseone_tools | 𝑥 < 9.2.6.1 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ruby1.9.1 |
| ||||||||||||||||
| ruby2.0 |
| ||||||||||||||||
| ruby2.3 |
| ||||||||||||||||
| ruby2.5 |
| ||||||||||||||||
| ruby2.7 |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libruby2_1-2_1 |
| ||||||||||||||||||||||||||||||||||||||||||||
| libruby2_5-2_5 |
| ||||||||||||||||||||||||||||||||||||||||||||
| libruby3_4-3_4 |
|
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| ruby |
| ||
| ruby-debuginfo |
| ||
| ruby-devel |
| ||
| ruby-doc |
| ||
| ruby-irb |
| ||
| ruby-libs |
| ||
| ruby-tcltk |
| ||
| rubygem-bigdecimal |
| ||
| rubygem-io-console |
| ||
| rubygem-json |
| ||
| rubygem-minitest |
| ||
| rubygem-psych |
| ||
| rubygem-rake |
| ||
| rubygem-rdoc |
| ||
| rubygems |
| ||
| rubygems-devel |
|
Azure Linux Releases
Common Weakness Enumeration
References