Lines 1-3
1 |
<vuln vid="18508af8-e496-11eb-b79d-0800270512f4"> |
2 |
<topic>rubygem-net-ftp -- Trusting FTP PASV responses vulnerability in Net::FTP</topic> |
3 |
<affects> |
4 |
<package> |
5 |
<name>ruby</name> |
6 |
<range><ge>2.6.0,1</ge><lt>2.6.8,1</lt></range> |
7 |
<range><ge>2.7.0,1</ge><lt>2.7.4,1</lt></range> |
8 |
<range><ge>3.0.0,1</ge><lt>3.0.2,1</lt></range> |
9 |
</package> |
10 |
<package> |
11 |
<name>rubygem-net-ftp</name> |
12 |
<range><lt>0.1.3</lt></range> |
13 |
</package> |
14 |
</affects> |
15 |
<description> |
16 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
17 |
<p>Alexandr Savca reports:</p> |
18 |
<blockquote cite="https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/"> |
19 |
<p> |
20 |
A malicious FTP server can use the PASV response to trick |
21 |
Net::FTP into connecting back to a given IP address and port. |
22 |
This potentially makes Net::FTP extract information about |
23 |
services that are otherwise private and not disclosed |
24 |
(e.g., the attacker can conduct port scans and service banner |
25 |
extractions). |
26 |
</p> |
27 |
</blockquote> |
28 |
</body> |
29 |
</description> |
30 |
<references> |
31 |
<cvename>CVE-2021-31810</cvename> |
32 |
<url>https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/</url> |
33 |
</references> |
34 |
<dates> |
35 |
<discovery>2021-07-07</discovery> |
36 |
<entry>2021-07-14</entry> |
37 |
</dates> |
38 |
</vuln> |
39 |
|
1 |
<vuln vid="c365536d-e3cf-11eb-9d8d-b37b683944c2"> |
40 |
<vuln vid="c365536d-e3cf-11eb-9d8d-b37b683944c2"> |
2 |
<topic>go -- crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters</topic> |
41 |
<topic>go -- crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters</topic> |
3 |
<affects> |
42 |
<affects> |
4 |
- |
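Review bot: The `<topic>` in the new entry names only `rubygem-net-ftp`, but `<affects>` lists the `ruby` package first, with three version ranges. Someone scanning topics for the base interpreter will miss the entry, so consider starting the topic with `ruby` or naming both packages. Also, the lead-in credits the quotation to "Alexandr Savca reports:" while the `<blockquote cite>` and the `<url>` both point to the ruby-lang.org news post. If the quoted paragraph is the advisory's wording, attribute it to the advisory and credit the reporter separately. The lower bounds `2.6.0,1`, `2.7.0,1` and `3.0.0,1` leave older `ruby` branches unmatched. Please confirm that is intended, or add a short comment saying those branches are out of scope.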
|
|