Vulnerability Name:

CVE-2021-28965 (CCN-200534)

Assigned:2021-04-05
Published:2021-04-05
Updated:2021-06-02
Summary:The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
4.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
7.5 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-611
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2021-28965

Source: XF
Type: UNKNOWN
ruby-cve202128965-sec-bypass(200534)

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-7b8b65bc7a

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20210528-0003/

Source: CCN
Type: IBM Security Bulletin 6498497 (Cloud Foundry Migration Runtime)
Multiple security vulnerabilities affect IBM Cloud Foundry Migration Runtime

Source: CCN
Type: Ruby Web site
CVE-2021-28965: XML round-trip vulnerability in REXML

Source: MISC
Type: Vendor Advisory
https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ruby-lang:rexml:*:*:*:*:*:ruby:*:* (Version < 3.2.5)
  • OR cpe:/a:ruby-lang:ruby:*:*:*:*:*:*:*:* (Version < 2.6.7)
  • OR cpe:/a:ruby-lang:ruby:*:*:*:*:*:*:*:* (Version >= 2.7.0 and < 2.7.3)
  • OR cpe:/a:ruby-lang:ruby:*:*:*:*:*:*:*:* (Version >= 3.0.0 and < 3.0.1)

    • Configuration 2:
  • cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7660
    P
    		libruby2_5-2_5-2.5.9-150000.4.26.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:3070
    P
    		freeradius-server-3.0.19-1.48 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3388
    P
    		ucode-intel-20191112-1.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:95205
    P
    		libmwaw-0_3-3-0.3.20-4.14.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94700
    P
    		libruby2_5-2_5-2.5.9-150000.4.23.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94500
    P
    		autofs-5.1.3-150000.7.11.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:193
    P
    		libruby2_5-2_5-2.5.9-4.17.1 on GA media (Moderate)
    2022-06-13
    oval:org.opensuse.security:def:112814
    P
    		libruby2_7-2_7-2.7.3-3.2 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:112817
    P
    		libruby3_0-3_0-3.0.1-3.2 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:106283
    P
    		libruby2_7-2_7-2.7.3-3.2 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:106284
    P
    		libruby3_0-3_0-3.0.1-3.2 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:101918
    P
    		Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP3) (Important)
    2021-09-16
    oval:org.opensuse.security:def:1122
    P
    		Security update for jetty-minimal (Moderate)
    2021-08-25
    oval:org.opensuse.security:def:71952
    P
    		libruby2_5-2_5-2.5.9-4.17.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:101213
    P
    		libplist++-devel-2.0.0-1.31 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:100969
    P
    		libruby2_5-2_5-2.5.9-4.17.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62211
    P
    		libruby2_5-2_5-2.5.9-4.17.1 on GA media (Moderate)
    2021-08-09
    oval:com.redhat.rhsa:def:20212584
    P
    		RHSA-2021:2584: ruby:2.7 security, bug fix, and enhancement update (Moderate)
    2021-06-29
    oval:com.redhat.rhsa:def:20212587
    P
    		RHSA-2021:2587: ruby:2.5 security, bug fix, and enhancement update (Moderate)
    2021-06-29
    oval:com.redhat.rhsa:def:20212588
    P
    		RHSA-2021:2588: ruby:2.6 security, bug fix, and enhancement update (Moderate)
    2021-06-29
    oval:org.opensuse.security:def:111344
    P
    		Security update for ruby2.5 (Moderate)
    2021-04-24
    oval:org.opensuse.security:def:93561
    P
    		 (Moderate)
    2021-04-20
    oval:org.opensuse.security:def:100268
    P
    		 (Moderate)
    2021-04-20
    oval:org.opensuse.security:def:64477
    P
    		Security update for ruby2.5 (Moderate)
    2021-04-20
    oval:org.opensuse.security:def:94369
    P
    		 (Moderate)
    2021-04-20
    oval:org.opensuse.security:def:73599
    P
    		Security update for ruby2.5 (Moderate)
    2021-04-20
    oval:org.opensuse.security:def:93731
    P
    		 (Moderate)
    2021-04-20
    oval:org.opensuse.security:def:100598
    P
    		 (Moderate)
    2021-04-20
    oval:org.opensuse.security:def:66746
    P
    		Security update for ruby2.5 (Moderate)
    2021-04-20
    oval:org.opensuse.security:def:42063
    P
    		Security update for ruby2.5 (Moderate)
    2021-04-20
    oval:org.opensuse.security:def:75814
    P
    		Security update for ruby2.5 (Moderate)
    2021-04-20
    oval:org.opensuse.security:def:107879
    P
    		Security update for ruby2.5 (Moderate)
    2021-04-20
    oval:org.opensuse.security:def:93946
    P
    		 (Moderate)
    2021-04-20
    oval:org.opensuse.security:def:5657
    P
    		Security update for ruby2.5 (Moderate)
    2021-04-20
    oval:org.opensuse.security:def:117394
    P
    		Security update for ruby2.5 (Moderate)
    2021-04-20
    oval:org.opensuse.security:def:93404
    P
    		 (Moderate)
    2021-04-20
    oval:org.opensuse.security:def:99933
    P
    		 (Moderate)
    2021-04-20
    oval:org.opensuse.security:def:108584
    P
    		Security update for ruby2.5 (Moderate)
    2021-04-20
    oval:org.opensuse.security:def:96864
    P
    		Security update for ruby2.5 (Moderate)
    2021-04-20
    oval:org.opensuse.security:def:94157
    P
    		 (Moderate)
    2021-04-20
    BACK
    ruby-lang rexml *
    ruby-lang ruby *
    ruby-lang ruby *
    ruby-lang ruby *
    fedoraproject fedora 34