CVE-2021-31810
published 2021-07-13
CVE-2021-31810: An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP…
Priority P4 · 33 · medium · CVSS 3.1: 5.8
AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
EPSS: 3.05% (85.9th percentile)
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | jruby | < jruby 9.3.9.0+ds-1 (bookworm) | jruby 9.3.9.0+ds-1 (bookworm) |
| debian | ruby2.7 | < jruby 9.3.9.0+ds-1 (bookworm) | jruby 9.3.9.0+ds-1 (bookworm) |
| jruby | jruby | >= 0 < 9.3.9.0+ds-1 | 9.3.9.0+ds-1 |
| jruby | jruby | >= 0 < 9.3.9.0+ds-1 | 9.3.9.0+ds-1 |
| jruby | jruby | >= 0 < 9.3.9.0+ds-1 | 9.3.9.0+ds-1 |
| oracle | jd_edwards_enterpriseone_tools | < 9.2.6.1 | 9.2.6.1 |
| ruby-lang | ruby | <= 2.6.7 | — |
| ruby-lang | ruby | 2.7.0 – 2.7.3 | — |
| ruby-lang | ruby | 3.0.0 – 3.0.1 | — |
CVSS provenance
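| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | — | 7.0 | HIGH | — |
| vendor_ubuntu | — | 7.0 | HIGH | — |
| vendor_debian | — | 5.8 | MEDIUM | — |
| vendor_redhat | — | 5.8 | MEDIUM | — |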
GHSA
GHSA-wr95-679j-87v9: An issue was discovered in Ruby through 2
ghsa_unreviewed·2022-05-24
CVE-2021-31810 [MEDIUM] CWE-668 GHSA-wr95-679j-87v9: An issue was discovered in Ruby through 2
OSV
ruby2.3, ruby2.5, ruby2.7 vulnerabilities
osv·2021-07-21·CVSS 7.0
CVE-2021-31799 [HIGH] ruby2.3, ruby2.5, ruby2.7 vulnerabilities
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-31799)
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to conduct
port scans and service banner extractions. This issue only affected
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-31810)
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to perform
machine-in-the-middle attacks to bypass the TLS protection.
(CVE-2021-32066)
OSV
CVE-2021-31810: An issue was discovered in Ruby through 2
osv·2021-07-13·CVSS 5.8
CVE-2021-31810 [MEDIUM] CVE-2021-31810: An issue was discovered in Ruby through 2
Ubuntu
Ruby vulnerabilities
vendor_ubuntu·2021-07-21·CVSS 7.0
CVE-2021-31799 [HIGH] Ruby vulnerabilities
Title: Ruby vulnerabilities
Summary: Several security issues were fixed in Ruby.
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-31799)
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to conduct
port scans and service banner extractions. This issue only affected
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-31810)
It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to perform
machine-in-the-middle attacks to bypass the TLS protection.
(CVE-2021-32066)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host
vendor_redhat·2021-07-07·CVSS 5.8
CVE-2021-31810 [MEDIUM] CWE-200 ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host
Ruby's Net::FTP module trusted the IP address included in the FTP server's response to the PASV command. A malicious FTP server could use this to make Ruby applications using the Net::FTP module to connect to arbitrary hosts and use this to perform port scanning or information extraction from systems not accessible from t
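The check implied by the description above, as an added example (not code from Ruby, Net::FTP, or any advisory quoted on this page): parse the PASV reply, take only the port from it, and send the data connection to the control connection's peer while flagging replies that advertise a different host. The function names and sample replies are constructed for illustration, and the control peer is assumed to be an IP address read from the socket.

```ruby
require "ipaddr"

# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" per RFC 959. Simplified:
# assumes the parenthesised form; some servers omit the parentheses.
PASV_RE = /\A227 [^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)/

# Returns [advertised_host, port] from a PASV reply line.
def parse_pasv(line)
  m = PASV_RE.match(line)
  raise ArgumentError, "not a PASV reply: #{line.inspect}" unless m
  nums = m.captures.map(&:to_i)
  raise ArgumentError, "field out of range in #{line.inspect}" if nums.any? { |n| n > 255 }
  [nums[0, 4].join("."), (nums[4] << 8) | nums[5]]
end

# control_peer: IP address of the already-established control connection
# (assumed to come from the socket, not from anything the server sent).
# The data connection always targets control_peer; only the port is taken
# from the reply. :mismatch records that the server advertised another host.
def data_endpoint(pasv_line, control_peer)
  advertised, port = parse_pasv(pasv_line)
  { host: control_peer, port: port, advertised: advertised,
    mismatch: IPAddr.new(advertised) != IPAddr.new(control_peer) }
end

# Constructed sample replies (documentation/private addresses, not real hosts).
SAMPLES = [
  { peer: "203.0.113.10", reply: "227 Entering Passive Mode (203,0,113,10,195,80)" },
  { peer: "203.0.113.10", reply: "227 Entering Passive Mode (10,0,0,5,0,22)" },
].freeze

# Replies worth alerting on: the advertised host differs from the peer.
def suspicious(samples)
  samples.map { |s| data_endpoint(s[:reply], s[:peer]) }.select { |e| e[:mismatch] }
end

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |s| p data_endpoint(s[:reply], s[:peer]) }
end
```

Patched Net::FTP releases expose this choice as the `use_pasv_ip` option, which defaults to false.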
Debian
CVE-2021-31810: jruby - An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x thro...
vendor_debian·2021·CVSS 5.8
CVE-2021-31810 [MEDIUM] CVE-2021-31810: jruby - An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x thro...
Scope: local
bookworm: resolved (fixed in 9.3.9.0+ds-1)
forky: resolved (fixed in 9.3.9.0+ds-1)
sid: resolved (fixed in 9.3.9.0+ds-1)
trixie: resolved (fixed in 9.3.9.0+ds-1)
No detection rules found.
No public exploits indexed.
https://hackerone.com/reports/1145454
https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html
https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWXHK5UUHVSHF7HTHMX6JY3WXDVNIHSL/
https://security.gentoo.org/glsa/202401-27
https://security.netapp.com/advisory/ntap-20210917-0001/
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/
Published: 2021-07-13