Debian Ruby2.7 vulnerabilities
33 known vulnerabilities affecting debian/ruby2.7.
Total CVEs: 33
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 11, MEDIUM 14, LOW 6
Vulnerabilities
Page 2 of 2 (this page lists the last 13 of the 33 entries)
CVE-2022-28738 (ruby2.7) | listed severity: LOW | CVSS 9.8 (CRITICAL by score) | 2022
A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.
Note: the affected range in that description is Ruby 3.x only, so the 2.7 code in the ruby2.7 package is outside it; that matches the LOW listing and the bullseye status below, which shows the issue resolved without a package fix version.
Scope: local
bullseye: resolved
Source: debian
CVE-2021-41816 (ruby2.7) | CRITICAL | CVSS 9.8 | 2021 | fixed in ruby2.7 2.7.4-1+deb11u1 (bullseye)
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.
Note: Debian's Linux ports use the ILP32 or LP64 data models, where size_t and long have the same width, so the overflow condition described is specific to LLP64 platforms such as 64-bit Windows; the package was still updated with the upstream fix.
Scope: local
bullseye: resolved (fixed in 2.7.4-1+deb11u1)
Source: debian
CVE-2021-28965 (ruby2.7) | HIGH | CVSS 7.5 | 2021 | fixed in ruby2.7 2.7.3-1 (bullseye)
The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.
Scope: local
bullseye: resolved (fixed in 2.7.3-1)
Source: debian
CVE-2021-32066 (jruby) | HIGH | CVSS 7.4 | 2021 | fixed in jruby 9.3.9.0+ds-1 (bookworm)
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS
Source: debian
CVE-2021-41819 (ruby2.7) | HIGH | CVSS 7.5 | 2021 | fixed in ruby2.7 2.7.4-1+deb11u1 (bullseye)
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
Scope: local
bullseye: resolved (fixed in 2.7.4-1+deb11u1)
Source: debian
CVE-2021-41817 (ruby2.7) | HIGH | CVSS 7.5 | 2021 | fixed in ruby2.7 2.7.4-1+deb11u1 (bullseye)
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
Scope: local
bullseye: resolved (fixed in 2.7.4-1+deb11u1)
Source: debian
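The practical defence against the Date.parse ReDoS above is to bound the input before it reaches the parser. The following is an added example, not code from the page or from the date gem: a wrapper that rejects oversize strings up front and turns ordinary parse failures into nil. The MAX_DATE_INPUT value, the DateInputTooLong class and the sample inputs are assumptions made for this example.

```ruby
require 'date'

# Upper bound on what we hand to Date.parse. The value is an assumption for
# this example; the upstream fix added a comparable limit: keyword to
# Date.parse itself.
MAX_DATE_INPUT = 64

class DateInputTooLong < StandardError; end

# Parse a date string that arrived from an untrusted source.
# Oversize input is rejected before it reaches the regexp-driven heuristics
# inside Date.parse, so a long junk string cannot pin a worker CPU.
# Reasonably sized but unparseable input yields nil rather than an exception,
# so callers can tell "bad format" apart from "suspiciously long".
def parse_untrusted_date(str, max_len: MAX_DATE_INPUT)
  if str.bytesize > max_len
    raise DateInputTooLong, "date input of #{str.bytesize} bytes exceeds #{max_len}"
  end
  Date.parse(str)
rescue ArgumentError # Date::Error is a subclass of ArgumentError
  nil
end

# Constructed inputs: a normal value, an unparseable one, and a ReDoS-style
# probe (a long run of a single character).
SAMPLE_DATE_INPUTS = {
  normal:  '2021-11-24',
  garbage: 'not a date',
  probe:   '0' * 10_000,
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_DATE_INPUTS.each do |label, input|
    begin
      puts "#{label}: #{parse_untrusted_date(input).inspect}"
    rescue DateInputTooLong => e
      puts "#{label}: rejected (#{e.message})"
    end
  end
end
```

On a fixed date gem the same bound is available as `Date.parse(str, limit: 128)`; keeping a check in application code as well means the limit survives a downgrade or a vendored copy of the gem.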
CVE-2021-33621 (ruby2.7) | HIGH | CVSS 8.8 | 2021 | fixed in ruby2.7 2.7.4-1+deb11u2 (bullseye)
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
Scope: local
bullseye: resolved (fixed in 2.7.4-1+deb11u2)
Source: debian
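Both cookie entries above (CVE-2021-41819 on security prefixes and CVE-2021-33621 on response splitting through CGI::Cookie) come down to validating what goes into a Set-Cookie header. The following is an added example, not code from the page or from the cgi gem: a builder that enforces the RFC 6265 name and value grammar (which excludes CR and LF, so the header cannot be terminated early) and refuses __Secure- and __Host- names that lack the attributes the prefix promises. The BadCookie class, the attribute set and the sample cookies are assumptions made for this example.

```ruby
class BadCookie < ArgumentError; end

# RFC 6265 grammar. cookie-name is an HTTP token; cookie-value is printable
# ASCII minus control characters, whitespace, DQUOTE, comma, semicolon and
# backslash. Neither admits CR or LF, which is what blocks response splitting.
COOKIE_NAME    = /\A[!#%&'*+\-.0-9A-Z^_`a-z|~$]+\z/
COOKIE_VALUE   = /\A[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*\z/
ATTR_FORBIDDEN = /[\x00-\x1F\x7F;]/

# Build a Set-Cookie header value from an untrusted name/value pair.
# 1. name, value and attributes must match the grammar above, so nothing in
#    them can end the header line or start another header or a second body.
# 2. browsers only honour the __Secure- and __Host- prefixes when the cookie
#    carries the attributes the prefix promises (Secure; for __Host- also no
#    Domain and Path=/), so a prefixed cookie without them is rejected.
def build_set_cookie(name, value, secure: false, path: '/', domain: nil, http_only: true)
  raise BadCookie, "invalid cookie name #{name.inspect}"   unless name.match?(COOKIE_NAME)
  raise BadCookie, "invalid cookie value #{value.inspect}" unless value.match?(COOKIE_VALUE)
  [path, domain].compact.each do |attr|
    raise BadCookie, "invalid attribute #{attr.inspect}" if attr.match?(ATTR_FORBIDDEN)
  end

  if name.start_with?('__Secure-', '__Host-') && !secure
    raise BadCookie, "#{name} requires the Secure attribute"
  end
  if name.start_with?('__Host-')
    raise BadCookie, "#{name} must not set Domain" if domain
    raise BadCookie, "#{name} must use Path=/"    unless path == '/'
  end

  parts = ["#{name}=#{value}"]
  parts << "Domain=#{domain}" if domain
  parts << "Path=#{path}"
  parts << 'Secure'   if secure
  parts << 'HttpOnly' if http_only
  parts.join('; ')
end

# Constructed inputs: a normal session cookie, a correctly prefixed one, and a
# response-splitting attempt smuggled through the value.
if __FILE__ == $PROGRAM_NAME
  puts build_set_cookie('sid', 'abc123')
  puts build_set_cookie('__Host-sid', 'abc123', secure: true)
  begin
    build_set_cookie('sid', "abc\r\nSet-Cookie: admin=1")
  rescue BadCookie => e
    puts "rejected: #{e.message}"
  end
end
```

The value grammar is deliberately the strict RFC one; if an application needs to store characters outside it, encode the value (for example with Base64) before calling the builder rather than loosening the check.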
CVE-2021-31799 (ruby2.7) | HIGH | CVSS 7.0 | 2021 | fixed in ruby2.7 2.7.4-1 (bullseye)
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.
Scope: local
bullseye: resolved (fixed in 2.7.4-1)
Source: debian
CVE-2021-31810 (jruby) | MEDIUM | CVSS 5.8 | 2021 | fixed in jruby 9.3.9.0+ds-1 (bookworm)
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes the Net::FTP client extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and se
Source: debian
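The fix Ruby shipped for the PASV issue above was to stop trusting the address in the 227 reply: the client keeps talking to the host it dialled for the control connection and takes only the port from the reply (a use_pasv_ip option restores the old behaviour). The following is an added example, not code from the page or from Net::FTP, that implements that decision for a PASV reply in isolation; the PasvError class, the function name and the sample replies are assumptions made for this example.

```ruby
class PasvError < StandardError; end

# Matches the "(h1,h2,h3,h4,p1,p2)" tuple in a 227 reply.
PASV_TUPLE = /\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)/

# Work out where the data connection should go after a PASV command.
# control_host is the address the client itself dialled for the control
# connection. By default the address advertised by the server is ignored and
# only the port is taken from the reply, so a hostile server cannot redirect
# the data connection to an internal host of its choosing. Pass
# use_pasv_ip: true only when there is a specific reason to trust the
# server's advertised address; doing so reopens the redirect.
def pasv_data_endpoint(reply, control_host, use_pasv_ip: false)
  raise PasvError, "unexpected reply: #{reply.inspect}" unless reply.start_with?('227')
  m = PASV_TUPLE.match(reply)
  raise PasvError, "no address tuple in: #{reply.inspect}" unless m

  fields = m.captures.map(&:to_i)
  raise PasvError, "byte out of range in: #{reply.inspect}" if fields.any? { |b| b > 255 }
  advertised = fields[0, 4].join('.')
  port = (fields[4] << 8) | fields[5]
  raise PasvError, "port #{port} out of range" unless (1..65_535).cover?(port)

  host = use_pasv_ip ? advertised : control_host
  [host, port]
end

# Constructed replies: a benign one, and one that tries to aim the client at
# an internal host's SSH port (the port-scan / banner-grab scenario).
if __FILE__ == $PROGRAM_NAME
  control = '203.0.113.10'
  p pasv_data_endpoint('227 Entering Passive Mode (203,0,113,10,4,1)', control)
  p pasv_data_endpoint('227 Entering Passive Mode (10,0,0,5,0,22)', control)
  p pasv_data_endpoint('227 Entering Passive Mode (10,0,0,5,0,22)', control, use_pasv_ip: true)
end
```

When control_host is a hostname rather than an IP literal the advertised address is never used in the default mode, which is the intended outcome: the data connection goes to whatever the hostname resolves to, exactly as the control connection did.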
CVE-2021-28966 (ruby2.7) | listed severity: LOW | CVSS 7.5 (HIGH by score) | 2021
In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.
Note: the issue is specific to Windows path handling, so it does not reach the Debian build; that is consistent with the LOW listing and with bullseye showing it resolved without a package fix version.
Scope: local
bullseye: resolved
Source: debian
CVE-2020-10663 (ruby-json) | HIGH | CVSS 7.5 | 2020 | fixed in ruby-json 2.3.0+dfsg-1 (bookworm)
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the inte
Source: debian
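The object-creation sink behind the JSON entry above is the gem's "json_class" addition: with additions enabled, the parser looks up the named class and calls its json_create with the attacker's hash. The following is an added example, not code from the page or from the json gem, that shows the sink with a stand-in class and the parsing discipline that keeps untrusted input away from it. The LoggerConfig class, the payload and the function names are assumptions made for this example; the exact code path the CVE fixed is not reproduced here.

```ruby
require 'json'

# Any class in the process that responds to json_create can be named in a
# "json_class" key. This demo class stands in for whatever such classes an
# application (or its gems) happens to define.
class LoggerConfig
  attr_reader :path

  def initialize(path)
    @path = path
  end

  # Called by the json gem with the parsed hash when additions are enabled.
  def self.json_create(h)
    new(h['path'])
  end
end

# Constructed attacker payload: syntactically ordinary JSON that names a class
# and supplies its constructor argument.
UNTRUSTED_JSON = '{"json_class":"LoggerConfig","path":"/etc/passwd"}'.freeze

# Parse untrusted input with additions pinned off. Spelling the option out is
# cheap insurance against a caller, or a change of defaults, turning them back
# on; a caller that explicitly asks for additions is refused.
def parse_untrusted(json, **opts)
  if opts[:create_additions]
    raise ArgumentError, 'create_additions is not allowed for untrusted input'
  end
  JSON.parse(json, **opts.merge(create_additions: false))
end

# The same document with additions on, which is how JSON.load treats trusted
# data: the parser instantiates the named class instead of returning a Hash.
def parse_trusted_with_additions(json)
  JSON.parse(json, create_additions: true)
end

if __FILE__ == $PROGRAM_NAME
  p parse_untrusted(UNTRUSTED_JSON)              # plain Hash
  p parse_trusted_with_additions(UNTRUSTED_JSON) # LoggerConfig instance
end
```

The general rule this illustrates: JSON.parse with additions off for anything that crossed a trust boundary, and JSON.load (which enables additions) only for data the application itself produced.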
CVE-2020-25613 (jruby) | HIGH | CVSS 7.5 | 2020 | fixed in jruby 9.3.9.0+ds-1 (bookworm)
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
Source: debian
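Request smuggling of the kind described for WEBrick above needs two components that disagree about where a request body ends, and a lax Transfer-Encoding check is what lets that disagreement through. The following is an added example, not code from the page or from WEBrick, of a framing check that fails closed: it rejects requests carrying both Transfer-Encoding and Content-Length, repeated framing headers, and any Transfer-Encoding value other than the single token "chunked". The AmbiguousFraming class, the helper names and the two sample requests are assumptions made for this example.

```ruby
class AmbiguousFraming < StandardError; end

# Split the head of a raw HTTP/1.1 request into [name, value] pairs, keeping
# duplicates so they can be detected rather than silently merged.
def parse_header_block(raw)
  lines = raw.split("\r\n")
  lines.drop(1).reject(&:empty?).map do |line|
    name, value = line.split(':', 2)
    [name, value.to_s]
  end
end

# Decide how the request body is delimited, or fail closed when a front-end
# proxy and this server could disagree. Returns :chunked, :content_length
# or :none.
def request_framing(headers)
  by_name = Hash.new { |h, k| h[k] = [] }
  headers.each { |name, value| by_name[name.strip.downcase] << value.strip }
  te = by_name['transfer-encoding']
  cl = by_name['content-length']

  raise AmbiguousFraming, 'Transfer-Encoding and Content-Length both present' if !te.empty? && !cl.empty?
  raise AmbiguousFraming, 'repeated Transfer-Encoding' if te.size > 1
  raise AmbiguousFraming, 'repeated Content-Length' if cl.size > 1

  if te.size == 1
    # Accept only the single token "chunked". Values such as "chunked, identity"
    # or "xchunked" are what a lax substring check lets through while another
    # hop reads them differently.
    raise AmbiguousFraming, "unsupported Transfer-Encoding #{te.first.inspect}" unless te.first.casecmp?('chunked')
    return :chunked
  end
  if cl.size == 1
    raise AmbiguousFraming, "malformed Content-Length #{cl.first.inspect}" unless cl.first.match?(/\A\d+\z/)
    return :content_length
  end
  :none
end

# Constructed requests: a clean chunked upload and a classic CL.TE smuggling
# attempt in which the two headers disagree about where the body ends.
CLEAN_REQUEST   = "POST /upload HTTP/1.1\r\nHost: app.example\r\nTransfer-Encoding: chunked\r\n\r\n"
SMUGGLE_REQUEST = "POST /upload HTTP/1.1\r\nHost: app.example\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n"

if __FILE__ == $PROGRAM_NAME
  [CLEAN_REQUEST, SMUGGLE_REQUEST].each do |req|
    begin
      puts request_framing(parse_header_block(req))
    rescue AmbiguousFraming => e
      puts "rejected: #{e.message}"
    end
  end
end
```

Rejecting the both-headers case is stricter than RFC 7230, which lets a server prefer Transfer-Encoding and drop Content-Length; the stricter choice is the right one behind a reverse proxy whose own parsing you do not control.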
CVE-2020-10933 (ruby2.7) | MEDIUM | CVSS 5.3 | 2020 | fixed in ruby2.7 2.7.1-1 (bullseye)
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the
Source: debian