FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
6916ea94-4628-11ec-bbe2-0800270512f4rubygem-date -- Regular Expression Denial of Service Vunlerability of Date Parsing Methods

Stanislav Valkanov reports:

Date's parsing methods including Date.parse are using Regexps internally, some of which are vulnerable against regular expression denial of service. Applications and libraries that apply such methods to untrusted input may be affected.


Discovery 2021-11-15
Entry 2021-11-15
Modified 2021-11-24
ruby
ge 2.6.0,1 lt 2.6.9,1

ge 2.7.0,1 lt 2.7.5,1

ge 3.0.0,1 lt 3.0.3,1

ruby26
ge 2.6.0,1 lt 2.6.9,1

ruby27
ge 2.7.0,1 lt 2.7.5,1

ruby30
ge 3.0.0,1 lt 3.0.3,1

rubygem-date
lt 3.2.1

CVE-2021-41817
https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/