CVE-2021-41819
01.01.2022, 06:15
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| ruby-lang | cgi | 0.1.0 |
| ruby-lang | cgi | 0.2.0 |
| ruby-lang | cgi | 0.3.0 |
| ruby-lang | ruby | 𝑥 ≤ 2.6.8 |
| ruby-lang | ruby | 2.7.0 ≤ 𝑥 < 2.7.5 |
| ruby-lang | ruby | 3.0.0 ≤ 𝑥 < 3.0.3 |
| redhat | software_collections | - |
| redhat | enterprise_linux | 8.0 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |
| suse | linux_enterprise | 11.0:sp1 |
| suse | linux_enterprise | 12.0 |
| suse | linux_enterprise | 15.0 |
| opensuse | factory | - |
| opensuse | leap | 15.2 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ruby2.3 |
| ||||||||||
| ruby2.5 |
| ||||||||||
| ruby2.7 |
| ||||||||||
| ruby3.0 |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libruby2_5-2_5 |
| ||||||||||||||||||||||||||||||
| libruby3_4-3_4 |
|
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| ruby |
| ||
| ruby-debuginfo |
| ||
| ruby-devel |
| ||
| ruby-doc |
| ||
| ruby-irb |
| ||
| ruby-libs |
| ||
| ruby-tcltk |
| ||
| rubygem-bigdecimal |
| ||
| rubygem-io-console |
| ||
| rubygem-json |
| ||
| rubygem-minitest |
| ||
| rubygem-psych |
| ||
| rubygem-rake |
| ||
| rubygem-rdoc |
| ||
| rubygems |
| ||
| rubygems-devel |
|
References