RHSA-2021:3020: Red Hat Security Advisory: ruby:2.7 security update

An update for the ruby:2.7 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es):

• rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327)
• rubygem-rdoc: Command injection vulnerability in RDoc (CVE-2021-31799)
• ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host (CVE-2021-31810)
• ruby: StartTLS stripping vulnerability in Net::IMAP (CVE-2021-32066) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs:
• CVE-2020-36327: rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source
• CVE-2021-31799: rubygem-rdoc: Command injection vulnerability in RDoc
• CVE-2021-31810: ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host
• CVE-2021-32066: ruby: StartTLS stripping vulnerability in Net::IMAP