VulnerableCode Package Details - pkg:alpm/archlinux/jruby@9.3.0.0-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4qeb-7mva-aaak	An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."	CVE-2021-32066
VCID-gmf4-gcd5-aaab	In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via \| and tags in a filename.	CVE-2021-31799 GHSA-ggxm-pgc9-g7fp
VCID-xv5b-y3av-aaae	An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).	CVE-2021-31810

Vulnerability

Summary

Aliases

VCID-4qeb-7mva-aaak

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."

CVE-2021-32066

VCID-gmf4-gcd5-aaab

In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.

CVE-2021-31799
GHSA-ggxm-pgc9-g7fp

VCID-xv5b-y3av-aaae

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).

CVE-2021-31810

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:45:27.852511+00:00	Arch Linux Importer	Fixing	VCID-gmf4-gcd5-aaab	https://security.archlinux.org/AVG-1906	36.0.0
2025-03-28T07:45:27.833881+00:00	Arch Linux Importer	Fixing	VCID-xv5b-y3av-aaae	https://security.archlinux.org/AVG-1906	36.0.0
2025-03-28T07:45:27.815150+00:00	Arch Linux Importer	Fixing	VCID-4qeb-7mva-aaak	https://security.archlinux.org/AVG-1906	36.0.0
2024-09-18T02:00:23.977263+00:00	Arch Linux Importer	Fixing	VCID-gmf4-gcd5-aaab	https://security.archlinux.org/AVG-1906	34.0.1
2024-09-18T02:00:23.951442+00:00	Arch Linux Importer	Fixing	VCID-xv5b-y3av-aaae	https://security.archlinux.org/AVG-1906	34.0.1
2024-09-18T02:00:23.926339+00:00	Arch Linux Importer	Fixing	VCID-4qeb-7mva-aaak	https://security.archlinux.org/AVG-1906	34.0.1
2024-01-03T22:26:39.354011+00:00	Arch Linux Importer	Fixing	VCID-gmf4-gcd5-aaab	https://security.archlinux.org/AVG-1906	34.0.0rc1
2024-01-03T22:26:39.335044+00:00	Arch Linux Importer	Fixing	VCID-xv5b-y3av-aaae	https://security.archlinux.org/AVG-1906	34.0.0rc1
2024-01-03T22:26:39.316180+00:00	Arch Linux Importer	Fixing	VCID-4qeb-7mva-aaak	https://security.archlinux.org/AVG-1906	34.0.0rc1