{"id":"MGASA-2021-0124","summary":"Updated ruby-mechanize packages fix a security vulnerability","details":"In Mechanize, from v2.0.0 until v2.7.7, there is a command injection\nvulnerability. Affected versions of Mechanize allow for OS commands to be\ninjected using several classes' methods which implicitly use Ruby's Kernel#open\nmethod (CVE-2021-21289).\n","modified":"2026-04-16T04:41:10.558859986Z","published":"2021-03-12T01:25:47Z","upstream":["CVE-2021-21289"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0124.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28448"},{"type":"WEB","url":"https://www.debian.org/lts/security/2021/dla-2561"}],"affected":[{"package":{"name":"ruby-mechanize","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/ruby-mechanize?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.6-2.1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0124.json"}},{"package":{"name":"ruby-mechanize","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/ruby-mechanize?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.6-3.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0124.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}