RHSA-2021:3982
Advisory lineage Upstream: 4 Downstream: 0
Published: 13 Sept 2024, 20:31
Last modified:21 Apr 2026, 10:01
Vulnerability Summary
Overall Risk (default)
medium
35/100 CVSS Score
8.8 HIGH
3.1 (osv_red_hat)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
13 Sept 2024, 20:31
Published
Vulnerability first disclosed
21 Apr 2026, 10:01
Last Modified
Vulnerability information updated
Description
Red Hat Security Advisory: rh-ruby30-ruby security update
CVSS Metrics
- v3.1•HIGH•Score: 8.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Systems
- redhat•rh-ruby30-ruby
< 0:3.0.2-148.el7
- redhat•rh-ruby30-ruby-debuginfo
< 0:3.0.2-148.el7
- redhat•rh-ruby30-ruby-default-gems
< 0:3.0.2-148.el7
- redhat•rh-ruby30-ruby-devel
< 0:3.0.2-148.el7
- redhat•rh-ruby30-ruby-doc
< 0:3.0.2-148.el7
- redhat•rh-ruby30-ruby-libs
< 0:3.0.2-148.el7
- redhat•rh-ruby30-rubygem-bigdecimal
< 0:3.0.0-148.el7
- redhat•rh-ruby30-rubygem-bundler
< 0:2.2.22-148.el7
- redhat•rh-ruby30-rubygem-io-console
< 0:0.5.7-148.el7
- redhat•rh-ruby30-rubygem-irb
< 0:1.3.5-148.el7
- redhat•rh-ruby30-rubygem-json
< 0:2.5.1-148.el7
- redhat•rh-ruby30-rubygem-minitest
< 0:5.14.2-148.el7
- redhat•rh-ruby30-rubygem-power_assert
< 0:1.2.0-148.el7
- redhat•rh-ruby30-rubygem-psych
< 0:3.3.0-148.el7
- redhat•rh-ruby30-rubygem-rake
< 0:13.0.3-148.el7
- redhat•rh-ruby30-rubygem-rbs
< 0:1.0.4-148.el7
- redhat•rh-ruby30-rubygem-rexml
< 0:3.2.5-148.el7
- redhat•rh-ruby30-rubygem-rss
< 0:0.2.9-148.el7
- redhat•rh-ruby30-rubygem-test-unit
< 0:3.3.7-148.el7
- redhat•rh-ruby30-rubygem-typeprof
< 0:0.12.0-148.el7
- redhat•rh-ruby30-rubygems
< 0:3.2.22-148.el7
- redhat•rh-ruby30-rubygems-devel
< 0:3.2.22-148.el7
References (24)
- https://access.redhat.com/errata/RHSA-2021:3982
- https://access.redhat.com/security/updates/classification/#important
- https://bugzilla.redhat.com/show_bug.cgi?id=1958999
- https://bugzilla.redhat.com/show_bug.cgi?id=1980126
- https://bugzilla.redhat.com/show_bug.cgi?id=1980128
- https://bugzilla.redhat.com/show_bug.cgi?id=1980132
- https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3982.json
- https://access.redhat.com/security/cve/CVE-2020-36327
- https://www.cve.org/CVERecord?id=CVE-2020-36327
- https://nvd.nist.gov/vuln/detail/CVE-2020-36327
- https://access.redhat.com/articles/6206172
- https://www.zofrex.com/blog/2021/04/29/bundler-still-vulnerable-dependency-confusion-cve-2020-36327/
- https://access.redhat.com/security/cve/CVE-2021-31799
- https://www.cve.org/CVERecord?id=CVE-2021-31799
- https://nvd.nist.gov/vuln/detail/CVE-2021-31799
- https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/
- https://access.redhat.com/security/cve/CVE-2021-31810
- https://www.cve.org/CVERecord?id=CVE-2021-31810
- https://nvd.nist.gov/vuln/detail/CVE-2021-31810
- https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/
- https://access.redhat.com/security/cve/CVE-2021-32066
- https://www.cve.org/CVERecord?id=CVE-2021-32066
- https://nvd.nist.gov/vuln/detail/CVE-2021-32066
- https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/