CVE-2021-41817
01.01.2022, 05:15
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
| Vendor | Product | Version |
|---|---|---|
| ruby-lang | date | 𝑥 < 2.0.1 |
| ruby-lang | date | 3.0.0 ≤ 𝑥 < 3.0.2 |
| ruby-lang | date | 3.1.0 ≤ 𝑥 < 3.1.2 |
| ruby-lang | date | 3.2.0 |
| ruby-lang | ruby | 2.6.0 ≤ 𝑥 < 2.6.9 |
| ruby-lang | ruby | 2.7.0 ≤ 𝑥 < 2.7.5 |
| ruby-lang | ruby | 3.0.0 ≤ 𝑥 < 3.0.3 |
| redhat | software_collections | - |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |
| suse | linux_enterprise | 12.0 |
| suse | linux_enterprise | 15.0 |
| opensuse | factory | - |
| opensuse | leap | 15.2 |
𝑥 = Vulnerable software versions
Debian Releases
Ubuntu Releases
| Ubuntu Product |
|---|
| ruby2.3 |
| ruby2.5 |
| ruby2.7 |
| ruby3.0 |
Common Weakness Enumeration
References