CVE-2021-3779 (ruby-mysql): ruby-mysql Client File Read

ADVISORIES

CVE-2021-3779 (NVD)
GHSA-73pr-g6jj-5hc9
Vendor Advisory

GEM

ruby-mysql

SEVERITY

CVSS v3.x: 6.5 (Medium)

PATCHED VERSIONS

>= 2.10.0

DESCRIPTION

A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later.

https://github.com/rubysec/ruby-advisory-db/issues/507
https://my.diffend.io/gems/ruby-mysql/2.9.14/2.10.0#d2h-806753-331

RubySec

CVE-2021-3779 (ruby-mysql): ruby-mysql Client File Read

ADVISORIES

GEM

SEVERITY

PATCHED VERSIONS

DESCRIPTION

RELATED

Recent Advisories