AZL-6861

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-6861.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-6861

Upstream

CVE-2021-32066

Published

2021-08-01T19:15:07Z

Modified

2026-04-01T05:21:27.935833Z

Severity

7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

CVE-2021-32066 affecting package ruby for versions less than 2.7.4-1

Details

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."

References

https://nvd.nist.gov/vuln/detail/CVE-2021-32066

Affected packages

Azure Linux:2 / ruby

Package

Name: ruby
Purl: pkg:rpm/azure-linux/ruby

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.4-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-6861.json"