[FREEBSD:6916EA94-4628-11EC-BBE2-0800270512F4] rubygem-date -- Regular Expression Denial of Service Vulnerability of Date Parsing Methods
- Severity: High
- Affected Packages: 5
- CVEs: 1
Stanislav Valkanov reports:

Date's parsing methods including Date.parse are using Regexps internally, some of which are vulnerable against regular expression denial of service. Applications and libraries that apply such methods to untrusted input may be affected.

Package | Affected Version |
---|---|
pkg:freebsd/rubygem-date | < 3.2.1 |
pkg:freebsd/ruby30 | < 3.0.3,1 |
pkg:freebsd/ruby27 | < 2.7.5,1 |
pkg:freebsd/ruby26 | < 2.6.9,1 |
pkg:freebsd/ruby | < 2.6.9,1 |

- ID: FREEBSD:6916EA94-4628-11EC-BBE2-0800270512F4
- Severity: high
- Severity from: CVE-2021-41817
- URL: http://vuxml.freebsd.org/freebsd/6916ea94-4628-11ec-bbe2-0800270512f4.html
- Published: 2021-11-15T00:00:00
- Modified: 2021-11-15T00:00:00
- Rights: FreeBSD VuXML Security Team

Other Advisories:

- ALAS2-2023-2345
- ALPINE:CVE-2021-41817
- ALSA-2022:0543
- ALSA-2022:5779
- ALSA-2022:6447
- ALSA-2022:6450
- DSA-5066-1
- DSA-5067-1
- ELSA-2022-0543
- ELSA-2022-5779
- ELSA-2022-6447
- ELSA-2022-6450
- FEDORA-2022-82a9edac27
- FEDORA-2022-8cf0124add
- GLSA-202401-27
- MS:CVE-2021-41817
- RHSA-2022:0543
- RHSA-2022:5779
- RHSA-2022:6447
- RHSA-2022:6450
- RLSA-2022:0543
- RLSA-2022:5779
- RLSA-2022:6447
- RLSA-2022:6450
- RUBYSEC:DATE-2021-41817
- SUSE-SU-2022:1512-1
- SUSE-SU-2023:4176-1
- USN-5235-1

Source | # ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | | | https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/ |

Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:freebsd/rubygem-date | | rubygem-date | < 3.2.1 | | | |
Affected | pkg:freebsd/ruby30 | | ruby30 | < 3.0.3,1 | | | |
Affected | pkg:freebsd/ruby27 | | ruby27 | < 2.7.5,1 | | | |
Affected | pkg:freebsd/ruby26 | | ruby26 | < 2.6.9,1 | | | |
Affected | pkg:freebsd/ruby | | ruby | < 2.6.9,1 | | | |