{"id":"USN-5020-1","summary":"ruby2.3, ruby2.5, ruby2.7 vulnerabilities","details":"It was discovered that Ruby incorrectly handled certain inputs.\nAn attacker could possibly use this issue to execute arbitrary code.\n(CVE-2021-31799)\n\nIt was discovered that Ruby incorrectly handled certain inputs.\nAn attacker could possibly use this issue to conduct\nport scans and service banner extractions. This issue only affected\nUbuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-31810)\n\nIt was discovered that Ruby incorrectly handled certain inputs.\nAn attacker could possibly use this issue to perform\nmachine-in-the-middle attacks to bypass the TLS protection.\n(CVE-2021-32066)\n","modified":"2026-04-22T10:16:02.600267Z","published":"2021-07-21T14:20:02Z","related":["UBUNTU-CVE-2021-31799","UBUNTU-CVE-2021-31810","UBUNTU-CVE-2021-32066"],"upstream":["CVE-2021-31799","CVE-2021-31810","CVE-2021-32066","UBUNTU-CVE-2021-31799","UBUNTU-CVE-2021-31810","UBUNTU-CVE-2021-32066"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5020-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-31799"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-31810"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-32066"}],"affected":[{"package":{"name":"ruby2.3","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/ruby2.3@2.3.1-2~ubuntu16.04.16+esm1?arch=source&distro=esm-infra/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.3.1-2~ubuntu16.04.16+esm1"}]}],"versions":["2.3.0-1","2.3.0-2","2.3.0-4ubuntu2","2.3.0-4ubuntu3","2.3.0-5ubuntu1","2.3.1-2~16.04","2.3.1-2~16.04.2","2.3.1-2~16.04.4","2.3.1-2~16.04.5","2.3.1-2~16.04.6","2.3.1-2~16.04.7","2.3.1-2~16.04.9","2.3.1-2~16.04.10","2.3.1-2~16.04.11","2.3.1-2~16.04.12","2.3.1-2~ubuntu16.04.13","2.3.1-2~ubuntu16.04.14","2.3.1-2~ubuntu16.04.15","2.3.1-2~ubuntu16.04.16"],"ecosystem_specific":{"binaries":[{"binary_version
":"2.3.1-2~ubuntu16.04.16+esm1","binary_name":"libruby2.3"},{"binary_version":"2.3.1-2~ubuntu16.04.16+esm1","binary_name":"ruby2.3"},{"binary_version":"2.3.1-2~ubuntu16.04.16+esm1","binary_name":"ruby2.3-tcltk"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:16.04:LTS","cves":[{"id":"CVE-2021-31799","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-31810","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-32066","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5020-1.json"}},{"package":{"name":"ruby2.5","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/ruby2.5@2.5.1-1ubuntu1.10?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.5.1-1ubuntu1.10"}]}],"versions":["2.5.0~preview1-1ubuntu2","2.5.0-4ubuntu1","2.5.0-4ubuntu4","2.5.0-5ubuntu1","2.5.0-6ubuntu1","2.5.1-1ubuntu1","2.5.1-1ubuntu1.1","2.5.1-1ubuntu1.2","2.5.1-1ubuntu1.4","2.5.1-1ubuntu1.5","2.5.1-1ubuntu1.6","2.5.1-1ubuntu1.7","2.5.1-1ubuntu1.8","2.5.1-1ubuntu1.9"],"ecosystem_specific":{"binaries":[{"binary_version":"2.5.1-1ubuntu1.10","binary_name":"libruby2.5"},{"binary_version":"2.5.1-1ubuntu1.10","binary_name":"ruby2.5"}],"availability":"No subscription 
required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[{"id":"CVE-2021-31799","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-31810","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-32066","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5020-1.json"}},{"package":{"name":"ruby2.7","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/ruby2.7@2.7.0-5ubuntu1.5?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.0-5ubuntu1.5"}]}],"versions":["2.7.0-1","2.7.0-2","2.7.0-3","2.7.0-4","2.7.0-4ubuntu1","2.7.0-5ubuntu1","2.7.0-5ubuntu1.1","2.7.0-5ubuntu1.2","2.7.0-5ubuntu1.3","2.7.0-5ubuntu1.4"],"ecosystem_specific":{"binaries":[{"binary_version":"2.7.0-5ubuntu1.5","binary_name":"libruby2.7"},{"binary_version":"2.7.0-5ubuntu1.5","binary_name":"ruby2.7"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"id":"CVE-2021-31799","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-31810","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-32066","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5020-1.json"}}],"schema_version":"1.7.5"}