VulnerableCode Package Details - pkg:alpm/archlinux/jruby@9.2.19.0-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-4qeb-7mva-aaak Aliases: CVE-2021-32066	An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."	9.3.0.0-1 Affected by 0 other vulnerabilities.
VCID-gmf4-gcd5-aaab Aliases: CVE-2021-31799 GHSA-ggxm-pgc9-g7fp	In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via \| and tags in a filename.	9.3.0.0-1 Affected by 0 other vulnerabilities.
VCID-xv5b-y3av-aaae Aliases: CVE-2021-31810	An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).	9.3.0.0-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-4qeb-7mva-aaak
Aliases:
CVE-2021-32066

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."

9.3.0.0-1
Affected by 0 other vulnerabilities.

VCID-gmf4-gcd5-aaab
Aliases:
CVE-2021-31799
GHSA-ggxm-pgc9-g7fp

In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.

9.3.0.0-1
Affected by 0 other vulnerabilities.

VCID-xv5b-y3av-aaae
Aliases:
CVE-2021-31810

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).

9.3.0.0-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:45:27.847566+00:00	Arch Linux Importer	Affected by	VCID-gmf4-gcd5-aaab	https://security.archlinux.org/AVG-1906	36.0.0
2025-03-28T07:45:27.828981+00:00	Arch Linux Importer	Affected by	VCID-xv5b-y3av-aaae	https://security.archlinux.org/AVG-1906	36.0.0
2025-03-28T07:45:27.810265+00:00	Arch Linux Importer	Affected by	VCID-4qeb-7mva-aaak	https://security.archlinux.org/AVG-1906	36.0.0
2024-09-18T02:00:23.972245+00:00	Arch Linux Importer	Affected by	VCID-gmf4-gcd5-aaab	https://security.archlinux.org/AVG-1906	34.0.1
2024-09-18T02:00:23.946409+00:00	Arch Linux Importer	Affected by	VCID-xv5b-y3av-aaae	https://security.archlinux.org/AVG-1906	34.0.1
2024-09-18T02:00:23.921102+00:00	Arch Linux Importer	Affected by	VCID-4qeb-7mva-aaak	https://security.archlinux.org/AVG-1906	34.0.1
2024-01-03T22:26:39.349334+00:00	Arch Linux Importer	Affected by	VCID-gmf4-gcd5-aaab	https://security.archlinux.org/AVG-1906	34.0.0rc1
2024-01-03T22:26:39.330318+00:00	Arch Linux Importer	Affected by	VCID-xv5b-y3av-aaae	https://security.archlinux.org/AVG-1906	34.0.0rc1
2024-01-03T22:26:39.311445+00:00	Arch Linux Importer	Affected by	VCID-4qeb-7mva-aaak	https://security.archlinux.org/AVG-1906	34.0.0rc1