CVE-2021-41819

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
ruby-langcgi
0.1.0
ruby-langcgi
0.2.0
ruby-langcgi
0.3.0
ruby-langruby
𝑥
≤ 2.6.8
ruby-langruby
2.7.0 ≤
𝑥
< 2.7.5
ruby-langruby
3.0.0 ≤
𝑥
< 3.0.3
redhatsoftware_collections
-
redhatenterprise_linux
8.0
debiandebian_linux
9.0
debiandebian_linux
10.0
debiandebian_linux
11.0
suselinux_enterprise
11.0:sp1
suselinux_enterprise
12.0
suselinux_enterprise
15.0
opensusefactory
-
opensuseleap
15.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ruby2.7
bullseye
2.7.4-1+deb11u1
fixed
bullseye (security)
2.7.4-1+deb11u2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ruby2.3
trusty
ignored
xenial
Fixed 2.3.1-2~ubuntu16.04.16+esm2
released
ruby2.5
bionic
Fixed 2.5.1-1ubuntu1.11
released
trusty
ignored
xenial
ignored
ruby2.7
focal
Fixed 2.7.0-5ubuntu1.6
released
hirsute
Fixed 2.7.2-4ubuntu1.3
released
impish
Fixed 2.7.4-1ubuntu3.1
released
trusty
ignored
xenial
ignored
ruby3.0
jammy
Fixed 3.0.2-7ubuntu2
released
trusty
ignored
xenial
ignored
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libruby2_5-2_5
suse enterprise desktop 15 SP3
2.5.9-150000.4.26.1
fixed
suse enterprise desktop 15 SP4
2.5.9-150000.4.26.1
fixed
suse enterprise desktop 15 SP5
2.5.9-150000.4.26.1
fixed
suse enterprise desktop 15 SP6
2.5.9-150000.4.26.1
fixed
suse enterprise desktop 15 SP7
2.5.9-150700.22.16
fixed
suse enterprise sap 15 SP3
2.5.9-150000.4.26.1
fixed
suse enterprise sap 15 SP4
2.5.9-150000.4.26.1
fixed
suse enterprise sap 15 SP5
2.5.9-150000.4.26.1
fixed
suse enterprise sap 15 SP6
2.5.9-150000.4.26.1
fixed
suse enterprise sap 15 SP7
2.5.9-150700.22.16
fixed
suse enterprise server 15 SP3
2.5.9-150000.4.26.1
fixed
suse enterprise server 15 SP4
2.5.9-150000.4.26.1
fixed
suse enterprise server 15 SP5
2.5.9-150000.4.26.1
fixed
suse enterprise server 15 SP6
2.5.9-150000.4.26.1
fixed
suse enterprise server 15 SP7
2.5.9-150700.22.16
fixed
libruby3_4-3_4
suse enterprise desktop 15 SP7
3.4.1-150700.1.11
fixed
suse enterprise sap 15 SP7
3.4.1-150700.1.11
fixed
suse enterprise server 15 SP7
3.4.1-150700.1.11
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
ruby
Amazon Linux 2
0:2.0.0.648-36.amzn2.0.7
fixed
ruby-debuginfo
Amazon Linux 2
0:2.0.0.648-36.amzn2.0.7
fixed
ruby-devel
Amazon Linux 2
0:2.0.0.648-36.amzn2.0.7
fixed
ruby-doc
Amazon Linux 2
0:2.0.0.648-36.amzn2.0.7
fixed
ruby-irb
Amazon Linux 2
0:2.0.0.648-36.amzn2.0.7
fixed
ruby-libs
Amazon Linux 2
0:2.0.0.648-36.amzn2.0.7
fixed
ruby-tcltk
Amazon Linux 2
0:2.0.0.648-36.amzn2.0.7
fixed
rubygem-bigdecimal
Amazon Linux 2
0:1.2.0-36.amzn2.0.7
fixed
rubygem-io-console
Amazon Linux 2
0:0.4.2-36.amzn2.0.7
fixed
rubygem-json
Amazon Linux 2
0:1.7.7-36.amzn2.0.7
fixed
rubygem-minitest
Amazon Linux 2
0:4.3.2-36.amzn2.0.7
fixed
rubygem-psych
Amazon Linux 2
0:2.0.0-36.amzn2.0.7
fixed
rubygem-rake
Amazon Linux 2
0:0.9.6-36.amzn2.0.7
fixed
rubygem-rdoc
Amazon Linux 2
0:4.0.0-36.amzn2.0.7
fixed
rubygems
Amazon Linux 2
0:2.0.14.1-36.amzn2.0.7
fixed
rubygems-devel
Amazon Linux 2
0:2.0.14.1-36.amzn2.0.7
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
ruby
CBL-Mariner 2.0
0:3.1.2-2.cm2
fixed