OPENSUSE-SU-2021:1535-1

Advisory lineage Upstream: 3 Downstream: 0

Upstream

CVE-2021-31799 CVE-2021-31810 CVE-2021-32066

Published: 06 Dec 2021, 12:33

Last modified:04 Feb 2026, 03:39

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

06 Dec 2021, 12:33

Published

Vulnerability first disclosed

04 Feb 2026, 03:39

Last Modified

Vulnerability information updated

Description

Security update for ruby2.5 This update for ruby2.5 fixes the following issues: - CVE-2021-31799: Fixed Command injection vulnerability in RDoc (bsc#1190375). - CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161). - CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net:IMAP (bsc#1188160). This update was imported from the SUSE:SLE-15:Update update project.

Affected Systems

opensuse•ruby2.5&distro=openSUSE Leap 15.2
< 2.5.9-lp152.2.9.1

References (7)

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SFO6LZPCK3BJ6OA3FTD3UWQI47BKDQBA/
https://bugzilla.suse.com/1188160
https://bugzilla.suse.com/1188161
https://bugzilla.suse.com/1190375
https://www.suse.com/security/cve/CVE-2021-31799
https://www.suse.com/security/cve/CVE-2021-31810
https://www.suse.com/security/cve/CVE-2021-32066