发布时间: 2021年8月6日
修改时间: 2024年10月31日
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
| NVD | openEuler | |
|---|---|---|
| Confidentiality | High | Low |
| Attack Vector | Network | Network |
| CVSS评分 | 7.4 | 6.5 |
| Attack Complexity | High | High |
| Privileges Required | None | None |
| Scope | Unchanged | Unchanged |
| Integrity | High | High |
| User Interaction | None | None |
| Availability | None | None |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2021-1305 | ruby security update | 2021年8月6日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | ruby | Fixed |
