CVE-2021-31810

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).

Published: Jul 13, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-31810
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.8
AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
ruby-lang / ruby	-	2.6.7.x
ruby-lang / ruby	2.7.0	2.7.3.x
ruby-lang / ruby	3.0.0	3.0.1.x
debian / debian_linux	9.0	9.0.x
oracle / jd_edwards_enterpriseone_tools	-	9.2.6.1

https://hackerone.com/reports/1145454
https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html
https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html
https://lists.fedoraproject.org/archives/list/[email protected]/message/MWXHK5UUHVSHF7HTHMX6JY3WXDVNIHSL/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWXHK5UUHVSHF7HTHMX6JY3WXDVNIHSL/
https://security.gentoo.org/glsa/202401-27
https://security.netapp.com/advisory/ntap-20210917-0001/
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/

Vulnerability Database

289,689

CVE-2021-31810