We found results for “


Good to know:


Date: May 7, 2021

A security issue has been discovered in Ruby before versions 3.0.2, 2.7.4 and 2.6.8. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a “StartTLS stripping attack.”

Language: Ruby

Severity Score

Severity Score

Top Fix


Upgrade Version

Upgrade to version v2_6_8, v2_7_4, v3_0_2

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privilegs Required (PR): NONE
User Interaction (UI): NONE
Confidentiality (C): LOW
Integrity (I): HIGH
Availability (A): NONE

Do you need more information?

Contact Us