Count: 31

Vulnerability | CVSS | EPSS | Published
---|---|---|---
CVE-2021-31799 In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via \| and tags in a filename. | CVSS3: 7 | 1% Low | about 4 years ago
CVE-2021-31799 In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via \| and tags in a filename. | CVSS3: 7 | 1% Low | almost 4 years ago
CVE-2021-31799 In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby throug ... | CVSS3: 7 | 1% Low | almost 4 years ago
CVE-2021-31810 An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions). | CVSS3: 5.8 | 1% Low | almost 4 years ago
CVE-2021-31810 An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions). | CVSS3: 5.4 | 1% Low | almost 4 years ago
CVE-2021-31810 An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions). | CVSS3: 5.8 | 1% Low | almost 4 years ago
CVE-2021-31810 An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ... | CVSS3: 5.8 | 1% Low | almost 4 years ago
GHSA-ggxm-pgc9-g7fp Arbitrary Code Execution in Rdoc | CVSS3: 7 | 1% Low | almost 4 years ago
BDU:2021-05398 Vulnerability in the built-in RDoc documentation generator for the Ruby programming language that allows an attacker to execute arbitrary commands | CVSS3: 7 | 1% Low | about 4 years ago
GHSA-wr95-679j-87v9 An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions). | CVSS3: 5.8 | 1% Low | about 3 years ago
BDU:2021-04565 Vulnerability in the Net::FTP class implementation of the Ruby interpreter that allows an attacker to gain unauthorized access to protected information | CVSS3: 6.5 | 1% Low | about 4 years ago