CVE-2021-28965
Summary
| CVE | CVE-2021-28965 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-04-21 07:15:00 UTC |
| Updated | 2023-11-07 03:32:00 UTC |
| Description | The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing. |
Risk And Classification
Problem Types: NVD-CWE-Other
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 34 Update: rubygem-pry-0.13.1-5.fc34 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| CVE-2021-28965: XML round-trip vulnerability in REXML | MISC | www.ruby-lang.org | |
| CVE-2021-28965 Ruby Vulnerability in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | |
| [SECURITY] Fedora 34 Update: rubygem-pry-0.13.1-5.fc34 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159290 Oracle Enterprise Linux Security Update for ruby:2.5 (ELSA-2021-2587)
- 159297 Oracle Enterprise Linux Security Update for ruby:2.7 (ELSA-2021-2584)
- 159298 Oracle Enterprise Linux Security Update for ruby:2.6 (ELSA-2021-2588)
- 174934 SUSE Enterprise Linux Security Update for ruby2.5 (SUSE-SU-2021:1280-1)
- 179051 Debian Security Update for ruby2.5 (DSA 5066-1)
- 180287 Debian Security Update for ruby2.7 (CVE-2021-28965)
- 198337 Ubuntu Security Notification for Ruby vulnerability (USN-4922-1)
- 198344 Ubuntu Security Notification for Ruby vulnerability (USN-4922-2)
- 239350 Red Hat Update for rh-ruby25-ruby (RHSA-2021:2104)
- 239368 Red Hat Update for rh-ruby26-ruby (RHSA-2021:2230)
- 239369 Red Hat Update for rh-ruby27-ruby (RHSA-2021:2229)
- 239461 Red Hat Update for ruby:2.6 (RHSA-2021:2588)
- 239462 Red Hat Update for ruby:2.5 (RHSA-2021:2587)
- 239463 Red Hat Update for ruby:2.7 (RHSA-2021:2584)
- 240156 Red Hat Update for ruby:2.6 (RHSA-2022:0582)
- 281338 Fedora Security Update for ruby (FEDORA-2021-0ea39d8eb3)
- 281339 Fedora Security Update for ruby (FEDORA-2021-6385a09efc)
- 281370 Fedora Security Update for ruby (FEDORA-2021-7b8b65bc7a)
- 296053 Oracle Solaris 11.4 Support Repository Update (SRU) 35.94.4 Missing (CPUJUL2021)
- 352306 Amazon Linux Security Advisory for ruby24: ALAS-2021-1501
- 356195 Amazon Linux Security Advisory for ruby : ALASRUBY2.6-2023-006
- 356240 Amazon Linux Security Advisory for ruby : ALASRUBY3.0-2023-007
- 375475 GitLab Multiple Security Vulnerabilities(gitlab- 13-10-3)
- 377357 Alibaba Cloud Linux Security Update for ruby:2.7 (ALINUX3-SA-2021:0044)
- 500615 Alpine Linux Security Update for ruby
- 504375 Alpine Linux Security Update for ruby
- 670412 EulerOS Security Update for ruby (EulerOS-SA-2021-1987)
- 670497 EulerOS Security Update for ruby (EulerOS-SA-2021-2255)
- 670523 EulerOS Security Update for ruby (EulerOS-SA-2021-2281)
- 690169 Free Berkeley Software Distribution (FreeBSD) Security Update for gitlab (fb6e53ae-9df6-11eb-ba8c-001b217b3468)
- 690188 Free Berkeley Software Distribution (FreeBSD) Security Update for ruby (dec7e4b6-961a-11eb-9c34-080027f515ea)
- 750248 OpenSUSE Security Update for ruby2.5 (openSUSE-SU-2021:0607-1)
- 900164 CBL-Mariner Linux Security Update for ruby 2.6.6
- 901497 Common Base Linux Mariner (CBL-Mariner) Security Update for ruby (6860-1)
- 903221 Common Base Linux Mariner (CBL-Mariner) Security Update for ruby (4162)
- 940029 AlmaLinux Security Update for ruby:2.7 (ALSA-2021:2584)
- 940189 AlmaLinux Security Update for ruby:2.6 (ALSA-2021:2588)
- 940401 AlmaLinux Security Update for ruby:2.5 (ALSA-2021:2587)
- 960022 Rocky Linux Security Update for ruby:2.6 (RLSA-2021:2588)
- 960064 Rocky Linux Security Update for ruby:2.5 (RLSA-2021:2587)
- 960085 Rocky Linux Security Update for ruby:2.7 (RLSA-2021:2584)