CVE-2021-31810: Infoleak
First published: Wed Jul 07 2021(Updated: )
A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes Net::FTP extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions). References: <a href="https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/">https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/</a>
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/rh-ruby27-ruby | <0:2.7.4-130.el7 | 0:2.7.4-130.el7 |
| redhat/rh-ruby30-ruby | <0:3.0.2-148.el7 | 0:3.0.2-148.el7 |
| redhat/rh-ruby26-ruby | <0:2.6.9-120.el7 | 0:2.6.9-120.el7 |
| Ruby-lang Ruby | <=2.6.7 | |
| Ruby-lang Ruby | >=2.7.0<=2.7.3 | |
| Ruby-lang Ruby | >=3.0.0<=3.0.1 | |
| Fedoraproject Fedora | =34 | |
| Debian Debian Linux | =9.0 | |
| Oracle Jd Edwards Enterpriseone Tools | <9.2.6.1 | |
| redhat/ruby | <3.0.2 | 3.0.2 |
| redhat/ruby | <2.7.4 | 2.7.4 |
| redhat/ruby | <2.6.8 | 2.6.8 |
| redhat/rubygem-net-ftp | <0.1.3 | 0.1.3 |
| All of | ||
| Any of | ||
| Ruby-lang Ruby | <=2.6.7 | |
| Ruby-lang Ruby | >=2.7.0<=2.7.3 | |
| Ruby-lang Ruby | >=3.0.0<=3.0.1 | |
| Fedoraproject Fedora | =34 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2021-31810 https://nvd.nist.gov/vuln/detail/CVE-2021-31810 https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/
- https://bugzilla.redhat.com/show_bug.cgi?id=1980126
- https://access.redhat.com/errata/RHSA-2021:3020
- https://access.redhat.com/errata/RHSA-2022:0543
- https://access.redhat.com/errata/RHSA-2022:0672
- https://access.redhat.com/errata/RHSA-2022:0581
- https://access.redhat.com/errata/RHSA-2022:0582
- https://access.redhat.com/errata/RHSA-2022:0544
- https://access.redhat.com/errata/RHSA-2021:3559
- https://access.redhat.com/errata/RHSA-2021:3982
- https://access.redhat.com/errata/RHSA-2022:0708
- https://access.redhat.com/security/cve/cve-2021-31810
- https://hackerone.com/reports/1145454
- https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html
- https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWXHK5UUHVSHF7HTHMX6JY3WXDVNIHSL/
- https://security.netapp.com/advisory/ntap-20210917-0001/
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/
- https://www.ruby-lang.org/en/news/2021/07/07/ruby-3-0-2-released/
- https://www.ruby-lang.org/en/news/2021/07/07/ruby-2-7-4-released/
- https://www.ruby-lang.org/en/news/2021/07/07/ruby-2-6-8-released/
- https://git.ruby-lang.org/ruby.git/commit/?id=bf4d05173c7cf04d8892e4b64508ecf7902717cd
- https://github.com/ruby/net-ftp/commit/5709ece67cf57a94655e34532f8a7899b28d496a
- https://access.redhat.com/security/cve/CVE-2020-8284
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1902667
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1980570
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1980571
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1980567
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1980568
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1980569
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWXHK5UUHVSHF7HTHMX6JY3WXDVNIHSL/
- https://security.gentoo.org/glsa/202401-27
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-31810.
What is the severity of CVE-2021-31810?
The severity of CVE-2021-31810 is medium with a severity value of 5.4.
What is the affected software for CVE-2021-31810?
The affected software for CVE-2021-31810 is Ruby versions 2.6.7 through 2.6.8, 2.7.x through 2.7.3, and 3.x through 3.0.1.
How can a malicious FTP server exploit CVE-2021-31810?
A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port.
Is there a fix available for CVE-2021-31810?
Yes, the fix for CVE-2021-31810 is to update to Ruby version 3.0.2.
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/references
- agent/description
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/tags
- agent/author
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-31810
- agent/last-modified-date
- agent/trending
- package-manager/redhat
- vendor/ruby-lang
- canonical/ruby-lang ruby
- version/ruby-lang ruby/2.6.7
- version/ruby-lang ruby/2.7.0
- version/ruby-lang ruby/2.7.3
- version/ruby-lang ruby/3.0.0
- version/ruby-lang ruby/3.0.1
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/34
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- vendor/oracle
- canonical/oracle jd edwards enterpriseone tools