Vulnerability Database
289,599
Total vulnerabilities in the database
CVE-2021-41817
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
| Software | From | Fixed in |
|---|---|---|
| ruby-lang / date | 3.1.0 | 3.1.2 |
| ruby-lang / date | 3.0.0 | 3.0.2 |
| ruby-lang / date | - | 2.0.1 |
| ruby-lang / date | 3.2.0 | 3.2.0.x |
| ruby-lang / ruby | 3.0.0 | 3.0.3 |
| ruby-lang / ruby | 2.7.0 | 2.7.5 |
| ruby-lang / ruby | 2.6.0 | 2.6.9 |
| redhat / enterprise_linux | 7.0 | 7.0.x |
| redhat / enterprise_linux | 8.0 | 8.0.x |
| fedoraproject / fedora | 34 | 34.x |
| fedoraproject / fedora | 35 | 35.x |
| debian / debian_linux | 9.0 | 9.0.x |
| debian / debian_linux | 10.0 | 10.0.x |
| debian / debian_linux | 11.0 | 11.0.x |
| suse / linux_enterprise | 12.0 | 12.0.x |
| suse / linux_enterprise | 15.0 | 15.0.x |
| opensuse / leap | 15.2 | 15.2.x |
date
|
3.2.0 | 3.2.1 |
|
date
|
3.1.0 | 3.1.2 |
|
date
|
3.0.0 | 3.0.2 |
|
date
|
- | 2.0.1 |
- https://github.com/ruby/date/commit/3959accef8da5c128f8a8e2fd54e932a4fb253b0
- https://hackerone.com/reports/1254844
- https://lists.fedoraproject.org/archives/list/[email protected]/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/
- https://security.gentoo.org/glsa/202401-27
- https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/