Vulnerability Database
289,599
Total vulnerabilities in the database
CVE-2021-41819
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
| Software | From | Fixed in |
|---|---|---|
| ruby-lang / ruby | 3.0.0 | 3.0.3 |
| ruby-lang / ruby | 2.7.0 | 2.7.5 |
| ruby-lang / cgi | 0.3.0 | 0.3.0.x |
| ruby-lang / cgi | 0.2.0 | 0.2.0.x |
| ruby-lang / cgi | 0.1.0 | 0.1.0.x |
| ruby-lang / ruby | - | 2.6.8.x |
| redhat / enterprise_linux | 8.0 | 8.0.x |
| debian / debian_linux | 9.0 | 9.0.x |
| debian / debian_linux | 10.0 | 10.0.x |
| debian / debian_linux | 11.0 | 11.0.x |
| suse / linux_enterprise | 12.0 | 12.0.x |
| suse / linux_enterprise | 15.0 | 15.0.x |
| suse / linux_enterprise | 11.0-sp1 | 11.0-sp1.x |
| opensuse / leap | 15.2 | 15.2.x |
| fedoraproject / fedora | 34 | 34.x |
| fedoraproject / fedora | 35 | 35.x |
cgi
|
0.3.0 | 0.3.0.x |
|
cgi
|
0.3.0 | 0.3.1 |
|
cgi
|
0.2.0 | 0.2.0.x |
|
cgi
|
0.2.0 | 0.2.1 |
|
cgi
|
- | 0.1.0.1 |
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2021-41819.yml
- https://hackerone.com/reports/910552
- https://lists.fedoraproject.org/archives/list/[email protected]/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/
- https://security.gentoo.org/glsa/202401-27
- https://security.netapp.com/advisory/ntap-20220121-0003/
- https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/