CVE-2021-32740

NameCVE-2021-32740
DescriptionAddressable is an alternative implementation to the URI implementation ...
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
Debian Bugs990791

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ruby-addressable (PTS)jessie2.3.6-1vulnerable
stretch2.4.0-1vulnerable
buster2.5.2-1vulnerable
bookworm, bullseye2.7.0-2fixed
sid2.8.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ruby-addressablesourcejessie(unfixed)end-of-life
ruby-addressablesource(unstable)2.7.0-2990791

Notes

[stretch] - ruby-addressable <no-dsa> (Minor issue)
https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g
https://github.com/sporkmonger/addressable/commit/b48ff03347a6d46e8dc674e242ce74c6381962a5#diff-fb36d3dc67e6565ffde17e666a98697f48e76dac38fabf1bb9e97cdf3b583d76

Search for package or bug name: Reporting problems