RHSA-2021:3559
Advisory lineage Upstream: 4 Downstream: 0
Published: 13 Sept 2024, 20:30
Last modified:21 Apr 2026, 10:01
Vulnerability Summary
Overall Risk (default)
medium
35/100 CVSS Score
8.8 HIGH
3.1 (osv_red_hat)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
13 Sept 2024, 20:30
Published
Vulnerability first disclosed
21 Apr 2026, 10:01
Last Modified
Vulnerability information updated
Description
Red Hat Security Advisory: rh-ruby27-ruby security update
CVSS Metrics
- v3.1•HIGH•Score: 8.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Systems
- redhat•rh-ruby27-ruby
< 0:2.7.4-130.el7
- redhat•rh-ruby27-ruby-debuginfo
< 0:2.7.4-130.el7
- redhat•rh-ruby27-ruby-devel
< 0:2.7.4-130.el7
- redhat•rh-ruby27-ruby-doc
< 0:2.7.4-130.el7
- redhat•rh-ruby27-ruby-libs
< 0:2.7.4-130.el7
- redhat•rh-ruby27-rubygem-bigdecimal
< 0:2.0.0-130.el7
- redhat•rh-ruby27-rubygem-bundler
< 0:2.2.24-130.el7
- redhat•rh-ruby27-rubygem-did_you_mean
< 0:1.4.0-130.el7
- redhat•rh-ruby27-rubygem-io-console
< 0:0.5.6-130.el7
- redhat•rh-ruby27-rubygem-irb
< 0:1.2.6-130.el7
- redhat•rh-ruby27-rubygem-json
< 0:2.3.0-130.el7
- redhat•rh-ruby27-rubygem-minitest
< 0:5.13.0-130.el7
- redhat•rh-ruby27-rubygem-net-telnet
< 0:0.2.0-130.el7
- redhat•rh-ruby27-rubygem-openssl
< 0:2.1.2-130.el7
- redhat•rh-ruby27-rubygem-power_assert
< 0:1.1.7-130.el7
- redhat•rh-ruby27-rubygem-psych
< 0:3.1.0-130.el7
- redhat•rh-ruby27-rubygem-racc
< 0:1.4.16-130.el7
- redhat•rh-ruby27-rubygem-rake
< 0:13.0.1-130.el7
- redhat•rh-ruby27-rubygem-rdoc
< 0:6.2.1.1-130.el7
- redhat•rh-ruby27-rubygem-test-unit
< 0:3.3.4-130.el7
- redhat•rh-ruby27-rubygem-xmlrpc
< 0:0.3.0-130.el7
- redhat•rh-ruby27-rubygems
< 0:3.1.6-130.el7
- redhat•rh-ruby27-rubygems-devel
< 0:3.1.6-130.el7
References (24)
- https://access.redhat.com/errata/RHSA-2021:3559
- https://access.redhat.com/security/updates/classification/#important
- https://bugzilla.redhat.com/show_bug.cgi?id=1958999
- https://bugzilla.redhat.com/show_bug.cgi?id=1980126
- https://bugzilla.redhat.com/show_bug.cgi?id=1980128
- https://bugzilla.redhat.com/show_bug.cgi?id=1980132
- https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3559.json
- https://access.redhat.com/security/cve/CVE-2020-36327
- https://www.cve.org/CVERecord?id=CVE-2020-36327
- https://nvd.nist.gov/vuln/detail/CVE-2020-36327
- https://access.redhat.com/articles/6206172
- https://www.zofrex.com/blog/2021/04/29/bundler-still-vulnerable-dependency-confusion-cve-2020-36327/
- https://access.redhat.com/security/cve/CVE-2021-31799
- https://www.cve.org/CVERecord?id=CVE-2021-31799
- https://nvd.nist.gov/vuln/detail/CVE-2021-31799
- https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/
- https://access.redhat.com/security/cve/CVE-2021-31810
- https://www.cve.org/CVERecord?id=CVE-2021-31810
- https://nvd.nist.gov/vuln/detail/CVE-2021-31810
- https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/
- https://access.redhat.com/security/cve/CVE-2021-32066
- https://www.cve.org/CVERecord?id=CVE-2021-32066
- https://nvd.nist.gov/vuln/detail/CVE-2021-32066
- https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/