ID CVE-2021-41817
Summary Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
Vulnerable Configurations
  • cpe:2.3:a:ruby-lang:date:3.1.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:ruby-lang:date:3.1.1:*:*:*:*:ruby:*:*
  • cpe:2.3:a:ruby-lang:date:3.0.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:ruby-lang:date:3.0.1:*:*:*:*:ruby:*:*
  • cpe:2.3:a:ruby-lang:date:0.0.1:*:*:*:*:ruby:*:*
  • cpe:2.3:a:ruby-lang:date:1.0.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:ruby-lang:date:2.0.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:ruby-lang:date:3.2.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:ruby-lang:ruby:3.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:3.0.0:preview1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:3.0.0:preview2:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:3.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:3.0.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.7.0:-:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.7.0:preview1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.7.0:preview2:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.7.0:preview3:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.7.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.7.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.0:-:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.0:preview2:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.0:preview3:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.8:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 24-01-2024 - 05:15)
CWE CWE-1333
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
Last major update 24-01-2024 - 05:15
Published 01-01-2022 - 05:15
Last modified 24-01-2024 - 05:15