Moderate severity · NVD Advisory · Published Jun 28, 2022 · Updated Sep 17, 2024
Ruby-MySQL Gem Client File Read
CVE-2021-3779
Description
A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| ruby-mysql (RubyGems) | < 2.10.0 | 2.10.0 |
Affected products (2)
- Tomita Masahiro/ruby-mysql · v5 · Range: 2.9.14
References (5)
- github.com/advisories/GHSA-73pr-g6jj-5hc9 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-3779 (ghsa, ADVISORY)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-mysql/CVE-2021-3779.yml (ghsa, WEB)
- www.rapid7.com/blog/post/2022/06/28/cve-2021-3779-ruby-mysql-gem-client-file-read-fixed (ghsa, WEB)
- www.rapid7.com/blog/post/2022/06/28/cve-2021-3779-ruby-mysql-gem-client-file-read-fixed/ (mitre, x_refsource_MISC)