2 matches found
Improper Input Validation
Overview cgi is a Support for the Common Gateway Interface protocol. Affected versions of this package are vulnerable to Improper Input Validation due to improper validation of CGI::Cookie content, which allows an attacker to inject invalid attributes in the Set-Cookie header and insert a newline...
Improper Authentication
Overview cgi is a Support for the Common Gateway Interface protocol. Affected versions of this package are vulnerable to Improper Authentication. CGI::Cookie.parse mishandles security prefixes in cookie names by applying URL decoding to cookie names. An attacker could exploit this vulnerability t...