CVE-2021-41817
01.01.2022, 05:15
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| ruby-lang | date | 𝑥 < 2.0.1 |
| ruby-lang | date | 3.0.0 ≤ 𝑥 < 3.0.2 |
| ruby-lang | date | 3.1.0 ≤ 𝑥 < 3.1.2 |
| ruby-lang | date | 3.2.0 |
| ruby-lang | ruby | 2.6.0 ≤ 𝑥 < 2.6.9 |
| ruby-lang | ruby | 2.7.0 ≤ 𝑥 < 2.7.5 |
| ruby-lang | ruby | 3.0.0 ≤ 𝑥 < 3.0.3 |
| redhat | software_collections | - |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |
| suse | linux_enterprise | 12.0 |
| suse | linux_enterprise | 15.0 |
| opensuse | factory | - |
| opensuse | leap | 15.2 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ruby2.3 |
| ||||||||||
| ruby2.5 |
| ||||||||||
| ruby2.7 |
| ||||||||||
| ruby3.0 |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libruby2_5-2_5 |
| ||||||||||||||||||||||||||||||||||||||||
| libruby3_4-3_4 |
|
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| ruby |
| ||
| ruby-debuginfo |
| ||
| ruby-devel |
| ||
| ruby-doc |
| ||
| ruby-irb |
| ||
| ruby-libs |
| ||
| ruby-tcltk |
| ||
| rubygem-bigdecimal |
| ||
| rubygem-io-console |
| ||
| rubygem-json |
| ||
| rubygem-minitest |
| ||
| rubygem-psych |
| ||
| rubygem-rake |
| ||
| rubygem-rdoc |
| ||
| rubygems |
| ||
| rubygems-devel |
|
Common Weakness Enumeration
References