2 matches found
PT-2021-5297
Name of the Vulnerable Software and Affected Versions: Ruby versions prior to 2.7.5; Ruby versions 3.x prior to 3.0.3; CGI gem versions prior to 0.3.1. Description: The issue is caused by an integer overflow and resultant buffer overflow in the CGI.escape_html function when a long string is passed to ...
Buffer Overrun in CGI.escape_html
A security vulnerability that causes a buffer overflow when you pass a very large string (700 MB) to CGI.escape_html on a platform where the long type takes 4 bytes, typically Windows. Please update the cgi gem to version 0.3.1, 0.2.1, and 0.1.1 or later. You can use gem update cgi to update it. If you a...