VYPR
Unrated severityNVD Advisory· Published Aug 1, 2021· Updated Aug 3, 2024

CVE-2021-32066

CVE-2021-32066

Description

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

86

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.