Vulnerabilities > CVE-2021-41817

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

NVD

Published: 2022-01-01

Updated: 2024-01-24

Summary

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.

Vulnerable Configurations

Part	Description	Count
Application	Ruby-Lang Ruby Lang Date 3.1.0 Ruby Lang Date 3.1.1 Ruby Lang Date 3.0.0 Ruby Lang Date 3.0.1 Ruby Lang Date 0.0.1 Ruby Lang Date 1.0.0 Ruby Lang Date 2.0.0 Ruby Lang Date 3.2.0 Ruby Lang Ruby 3.0.0 Ruby Lang Ruby 3.0.1 Ruby Lang Ruby 3.0.2 Ruby Lang Ruby 2.7.0 Ruby Lang Ruby 2.7.1 Ruby Lang Ruby 2.7.2 Ruby Lang Ruby 2.7.3 Ruby Lang Ruby 2.7.4 Ruby Lang Ruby 2.6.0 Ruby Lang Ruby 2.6.1 Ruby Lang Ruby 2.6.2 Ruby Lang Ruby 2.6.3 Ruby Lang Ruby 2.6.4 Ruby Lang Ruby 2.6.5 Ruby Lang Ruby 2.6.6 Ruby Lang Ruby 2.6.7 Ruby Lang Ruby 2.6.8	39
Application	Redhat Redhat Software Collections -	1
Application	Opensuse Opensuse Factory -	1
OS	Redhat Redhat Enterprise Linux 7.0 Redhat Enterprise Linux 8.0	2
OS	Fedoraproject Fedoraproject Fedora 34 Fedoraproject Fedora 35	2
OS	Debian Debian Debian Linux 9.0 Debian Debian Linux 10.0 Debian Debian Linux 11.0	3
OS	Suse Suse Linux Enterprise 12.0 Suse Linux Enterprise 15.0	2
OS	Opensuse Opensuse Leap 15.2	1

References

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.