High severityNVD Advisory· Published Jan 1, 2022· Updated Aug 4, 2024
CVE-2021-41817
CVE-2021-41817
Description
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
dateRubyGems | >= 3.2.0, < 3.2.1 | 3.2.1 |
dateRubyGems | >= 3.1.0, < 3.1.2 | 3.1.2 |
dateRubyGems | >= 3.0.0, < 3.0.2 | 3.0.2 |
dateRubyGems | < 2.0.1 | 2.0.1 |
Affected products
83- Ruby/date gemdescription
- osv-coords82 versionspkg:bitnami/rubypkg:bitnami/ruby-minpkg:gem/datepkg:rpm/almalinux/rubypkg:rpm/almalinux/ruby-default-gemspkg:rpm/almalinux/ruby-develpkg:rpm/almalinux/ruby-docpkg:rpm/almalinux/rubygem-abrtpkg:rpm/almalinux/rubygem-abrt-docpkg:rpm/almalinux/rubygem-bigdecimalpkg:rpm/almalinux/rubygem-bsonpkg:rpm/almalinux/rubygem-bson-docpkg:rpm/almalinux/rubygem-bundlerpkg:rpm/almalinux/rubygem-bundler-docpkg:rpm/almalinux/rubygem-did_you_meanpkg:rpm/almalinux/rubygem-io-consolepkg:rpm/almalinux/rubygem-irbpkg:rpm/almalinux/rubygem-jsonpkg:rpm/almalinux/rubygem-minitestpkg:rpm/almalinux/rubygem-mongopkg:rpm/almalinux/rubygem-mongo-docpkg:rpm/almalinux/rubygem-mysql2pkg:rpm/almalinux/rubygem-mysql2-docpkg:rpm/almalinux/rubygem-net-telnetpkg:rpm/almalinux/rubygem-opensslpkg:rpm/almalinux/rubygem-pgpkg:rpm/almalinux/rubygem-pg-docpkg:rpm/almalinux/rubygem-power_assertpkg:rpm/almalinux/rubygem-psychpkg:rpm/almalinux/rubygem-rakepkg:rpm/almalinux/rubygem-rbspkg:rpm/almalinux/rubygem-rdocpkg:rpm/almalinux/rubygem-rexmlpkg:rpm/almalinux/rubygem-rsspkg:rpm/almalinux/rubygemspkg:rpm/almalinux/rubygems-develpkg:rpm/almalinux/rubygem-test-unitpkg:rpm/almalinux/rubygem-typeprofpkg:rpm/almalinux/rubygem-xmlrpcpkg:rpm/almalinux/ruby-irbpkg:rpm/almalinux/ruby-libspkg:rpm/opensuse/ruby2.5&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/ruby2.5&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/ruby2.5&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/ruby2.7&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ruby3.0&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ruby3.1&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ruby3.2&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ruby3.3&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ruby3.4&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ruby4.0&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ruby2.5&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/ruby2.5&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/ruby2.5&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Micro%205.0pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/ruby2.5&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/ruby2.5&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/ruby2.5&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/ruby2.5&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/ruby2.5&distro=SUSE%20Manager%20Server%204.2
>= 2.6.0, < 2.6.9+ 81 more
- (no CPE)range: >= 2.6.0, < 2.6.9
- (no CPE)range: >= 2.6.0, < 2.6.9
- (no CPE)range: >= 3.2.0, < 3.2.1
- (no CPE)range: < 2.6.9-108.module_el8.5.0+250+ba22dbf7
- (no CPE)range: < 2.7.6-138.module_el8.6.0+3263+904da987
- (no CPE)range: < 2.6.9-108.module_el8.5.0+2623+08a8ba32
- (no CPE)range: < 2.6.9-108.module_el8.5.0+250+ba22dbf7
- (no CPE)range: < 0.3.0-4.module_el8.5.0+259+8cec6917
- (no CPE)range: < 0.3.0-4.module_el8.5.0+259+8cec6917
- (no CPE)range: < 1.4.1-108.module_el8.5.0+2623+08a8ba32
- (no CPE)range: < 4.5.0-1.module_el8.5.0+2623+08a8ba32
- (no CPE)range: < 4.5.0-1.module_el8.5.0+250+ba22dbf7
- (no CPE)range: < 1.17.2-108.module_el8.5.0+2623+08a8ba32
- (no CPE)range: < 1.16.1-4.module_el8.5.0+2625+ec418553
- (no CPE)range: < 1.3.0-108.module_el8.5.0+2623+08a8ba32
- (no CPE)range: < 0.4.7-108.module_el8.5.0+2623+08a8ba32
- (no CPE)range: < 1.0.0-108.module_el8.5.0+2623+08a8ba32
- (no CPE)range: < 2.1.0-108.module_el8.5.0+2623+08a8ba32
- (no CPE)range: < 5.11.3-108.module_el8.5.0+250+ba22dbf7
- (no CPE)range: < 2.8.0-1.module_el8.5.0+250+ba22dbf7
- (no CPE)range: < 2.8.0-1.module_el8.5.0+250+ba22dbf7
- (no CPE)range: < 0.5.2-1.module_el8.5.0+250+ba22dbf7
- (no CPE)range: < 0.5.2-1.module_el8.5.0+250+ba22dbf7
- (no CPE)range: < 0.2.0-108.module_el8.5.0+2623+08a8ba32
- (no CPE)range: < 2.1.2-108.module_el8.5.0+250+ba22dbf7
- (no CPE)range: < 1.1.4-1.module_el8.5.0+250+ba22dbf7
- (no CPE)range: < 1.1.4-1.module_el8.5.0+2623+08a8ba32
- (no CPE)range: < 1.1.3-108.module_el8.5.0+250+ba22dbf7
- (no CPE)range: < 3.1.0-108.module_el8.5.0+2623+08a8ba32
- (no CPE)range: < 12.3.3-108.module_el8.5.0+2623+08a8ba32
- (no CPE)range: < 1.4.0-141.module_el8.6.0+3263+41cde0c0
- (no CPE)range: < 6.1.2.1-108.module_el8.5.0+250+ba22dbf7
- (no CPE)range: < 3.2.5-141.module_el8.6.0+3263+41cde0c0
- (no CPE)range: < 0.2.9-141.module_el8.6.0+3263+41cde0c0
- (no CPE)range: < 3.0.3.1-108.module_el8.5.0+250+ba22dbf7
- (no CPE)range: < 3.0.3.1-108.module_el8.5.0+2623+08a8ba32
- (no CPE)range: < 3.2.9-108.module_el8.5.0+2623+08a8ba32
- (no CPE)range: < 0.15.2-141.module_el8.6.0+3263+41cde0c0
- (no CPE)range: < 0.3.0-108.module_el8.5.0+250+ba22dbf7
- (no CPE)range: < 2.5.9-110.module_el8.6.0+3074+4b08f9d4
- (no CPE)range: < 2.6.9-108.module_el8.5.0+2623+08a8ba32
- (no CPE)range: < 2.5.9-150000.4.23.1
- (no CPE)range: < 2.5.9-150000.4.23.1
- (no CPE)range: < 2.5.9-150000.4.29.1
- (no CPE)range: < 2.7.5-1.1
- (no CPE)range: < 3.0.3-1.1
- (no CPE)range: < 3.1.0-1.1
- (no CPE)range: < 3.2.1-1.1
- (no CPE)range: < 3.3.0-1.2
- (no CPE)range: < 3.4.1-1.1
- (no CPE)range: < 4.0.0~preview2-1.1
- (no CPE)range: < 2.5.9-150000.4.23.1
- (no CPE)range: < 2.5.9-150000.4.23.1
- (no CPE)range: < 2.5.9-150000.4.29.1
- (no CPE)range: < 2.5.9-150000.4.23.1
- (no CPE)range: < 2.5.9-150000.4.23.1
- (no CPE)range: < 2.5.9-150000.4.23.1
- (no CPE)range: < 2.5.9-150000.4.23.1
- (no CPE)range: < 2.5.9-150000.4.29.1
- (no CPE)range: < 2.5.9-150000.4.29.1
- (no CPE)range: < 2.5.9-150000.4.23.1
- (no CPE)range: < 2.5.9-150000.4.23.1
- (no CPE)range: < 2.5.9-150000.4.23.1
- (no CPE)range: < 2.5.9-150000.4.23.1
- (no CPE)range: < 2.5.9-150000.4.29.1
- (no CPE)range: < 2.5.9-150000.4.29.1
- (no CPE)range: < 2.5.9-150000.4.23.1
- (no CPE)range: < 2.5.9-150000.4.23.1
- (no CPE)range: < 2.5.9-150000.4.23.1
- (no CPE)range: < 2.5.9-150000.4.23.1
- (no CPE)range: < 2.5.9-150000.4.23.1
- (no CPE)range: < 2.5.9-150000.4.29.1
- (no CPE)range: < 2.5.9-150000.4.23.1
- (no CPE)range: < 2.5.9-150000.4.23.1
- (no CPE)range: < 2.5.9-150000.4.23.1
- (no CPE)range: < 2.5.9-150000.4.23.1
- (no CPE)range: < 2.5.9-150000.4.29.1
- (no CPE)range: < 2.5.9-150000.4.23.1
- (no CPE)range: < 2.5.9-150000.4.29.1
- (no CPE)range: < 2.5.9-150000.4.23.1
- (no CPE)range: < 2.5.9-150000.4.23.1
- (no CPE)range: < 2.5.9-150000.4.29.1
Patches
Vulnerability mechanics
References
14- github.com/advisories/GHSA-qg54-694p-wgppghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/mitrevendor-advisory
- nvd.nist.gov/vuln/detail/CVE-2021-41817ghsaADVISORY
- security.gentoo.org/glsa/202401-27ghsavendor-advisoryWEB
- github.com/ruby/date/commit/3959accef8da5c128f8a8e2fd54e932a4fb253b0ghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/date/CVE-2021-41817.ymlghsaWEB
- hackerone.com/reports/1254844ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWNghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZFghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWNghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZFghsaWEB
- www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817ghsaWEB
- www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/mitre
News mentions
0No linked articles in our index yet.