CVE-2021-31810

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-31810

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-31810.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-31810

Aliases

Downstream

ALPINE-CVE-2021-31810

DEBIAN-CVE-2021-31810

DLA-2780-1

DLA-3408-1

DSA-5066-1

OESA-2021-1306

RHSA-2021:3020

RHSA-2021:3559

RHSA-2021:3982

RHSA-2022:0543

RHSA-2022:0544

RHSA-2022:0581

RHSA-2022:0582

RHSA-2022:0672

RHSA-2022:0708

SUSE-SU-2021:3837-1

SUSE-SU-2021:3838-1

SUSE-SU-2022:15034-1

SUSE-SU-2022:1512-1

UBUNTU-CVE-2021-31810

USN-5020-1

openSUSE-SU-2021:1535-1

openSUSE-SU-2021:3838-1

openSUSE-SU-2024:11622-1

openSUSE-SU-2024:11623-1

openSUSE-SU-2024:11786-1

openSUSE-SU-2024:12712-1

openSUSE-SU-2024:13623-1

openSUSE-SU-2025:14621-1

Related

Published

2021-07-13T13:15:09Z

Modified

2025-08-09T20:01:27Z

Severity

5.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).

References

Affected packages