Lucene search
FreeBSD4548EC97-4D38-11EC-A539-0800270512F4HistoryNov 24, 2021 - 12:00 a.m.
rubygem-cgi -- cookie prefix spoofing in CGI::Cookie.parse
2021-11-2400:00:00
vuxml.freebsd.org
16
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
73.0%
ooooooo_q reports:
The old versions of CGI::Cookie.parse applied
URL decoding to cookie names. An attacker could exploit
this vulnerability to spoof security prefixes in cookie
names, which may be able to trick a vulnerable
application.
By this fix, CGI::Cookie.parse no longer
decodes cookie names. Note that this is an incompatibility
if cookie names that you are using include
non-alphanumeric characters that are URL-encoded.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | ruby | = 2.6.0,1 | UNKNOWN |
| FreeBSD | any | noarch | ruby | < 2.6.9,1 | UNKNOWN |
| FreeBSD | any | noarch | ruby26 | = 2.6.0,1 | UNKNOWN |
| FreeBSD | any | noarch | ruby26 | < 2.6.9,1 | UNKNOWN |
| FreeBSD | any | noarch | ruby27 | = 2.7.0,1 | UNKNOWN |
| FreeBSD | any | noarch | ruby27 | < 2.7.5,1 | UNKNOWN |
| FreeBSD | any | noarch | ruby30 | = 3.0.0,1 | UNKNOWN |
| FreeBSD | any | noarch | ruby30 | < 3.0.3,1 | UNKNOWN |
| FreeBSD | any | noarch | rubygem-cgi | < 0.3.1 | UNKNOWN |
Related
nessus
nessus
EulerOS 2.0 SP3 : ruby (EulerOS-SA-2022-1761)
2022-05-26 00:00:00
EulerOS 2.0 SP8 : ruby (EulerOS-SA-2022-1361)
2022-03-28 00:00:00
EulerOS 2.0 SP9 : ruby (EulerOS-SA-2022-1437)
2022-04-18 00:00:00
openvas
openvas
openSUSE: Security Advisory for ruby2.5 (SUSE-SU-2022:3292-1)
2022-09-17 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2022-1361)
2022-03-29 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2022-1613)
2022-05-05 00:00:00
prion
prion
Code injection
2022-01-01 06:15:00
suse
suse
Security update for ruby2.5 (moderate)
2022-09-16 00:00:00
cnvd
cnvd
Ruby has unspecified vulnerabilities (CNVD-2022-06510)
2021-11-29 00:00:00
cve
cve
CVE-2021-41819
2022-01-01 06:15:00
veracode
veracode
Denial Of Service (DoS)
2021-11-25 17:08:14
ubuntucve
ubuntucve
CVE-2021-41819
2022-01-01 00:00:00
osv
osv
CVE-2021-41819
2022-01-01 06:15:07
Cookie Prefix Spoofing in CGI::Cookie.parse
2022-01-21 23:22:17
BIT-ruby-2021-41819
2024-03-06 11:04:36
github
github
Cookie Prefix Spoofing in CGI::Cookie.parse
2022-01-21 23:22:17
alpinelinux
alpinelinux
CVE-2021-41819
2022-01-01 06:15:00
redhatcve
redhatcve
CVE-2021-41819
2021-11-25 19:11:16
debiancve
debiancve
CVE-2021-41819
2022-01-01 06:15:00
cbl_mariner
cbl_mariner
CVE-2021-41819 affecting package ruby 2.7.4-6
2022-04-26 20:17:12
oraclelinux
oraclelinux
ruby:2.5 security update
2022-08-03 00:00:00
ruby:2.7 security, bug fix, and enhancement update
2022-09-15 00:00:00
ruby:3.0 security, bug fix, and enhancement update
2022-09-15 00:00:00
redhat
redhat
(RHSA-2022:5779) Moderate: ruby:2.5 security update
2022-08-01 09:05:09
hackerone
hackerone
rocky
rocky
ruby:2.5 security update
2022-08-01 09:05:09
ruby:2.7 security, bug fix, and enhancement update
2022-09-13 07:36:49
ruby:3.0 security, bug fix, and enhancement update
2022-09-13 07:36:53
debian
debian
[SECURITY] [DLA 2853-1] ruby2.3 security update
2021-12-28 10:36:26
[SECURITY] [DSA 5067-1] ruby2.7 security update
2022-02-03 19:30:34
[SECURITY] [DSA 5066-1] ruby2.5 security update
2022-02-03 19:26:40
almalinux
almalinux
Moderate: ruby:2.5 security update
2022-08-01 00:00:00
Moderate: ruby:2.7 security, bug fix, and enhancement update
2022-09-13 00:00:00
Moderate: ruby:3.0 security, bug fix, and enhancement update
2022-09-13 00:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2022-01-18 00:00:00
cloudfoundry
cloudfoundry
USN-5235-1: Ruby vulnerabilities | Cloud Foundry
2022-03-09 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: ruby-3.0.4-153.fc35
2022-05-08 01:48:39
[SECURITY] Fedora 34 Update: ruby-3.0.4-153.fc34
2022-05-08 02:03:44
photon
photon
Important Photon OS Security Update - PHSA-2024-4.0-0562
2024-02-08 00:00:00
amazon
amazon
Important: ruby
2024-02-29 10:03:00
mageia
mageia
Updated ruby packages fix security vulnerability
2021-12-24 00:01:45
gentoo
gentoo
Ruby: Multiple vulnerabilities
2024-01-24 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
73.0%
Related for 4548EC97-4D38-11EC-A539-0800270512F4