Svi
Pretraži prema proizvođaču
Pretraži prema CWE oznaci
O usluzi
Pretplate
Jezik
hr
en
CVE-2021-41819 - CERT CVE
CVE-2021-41819
ID
CVE-2021-41819
Sažetak
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
Reference
https://hackerone.com/reports/910552
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/
https://security.gentoo.org/glsa/202401-27
https://security.netapp.com/advisory/ntap-20220121-0003/
https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/
https://hackerone.com/reports/910552
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/
https://security.gentoo.org/glsa/202401-27
https://security.netapp.com/advisory/ntap-20220121-0003/
https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/
CVSS
Base:
5.0
Impact:
2.9
Exploitability:
10.0
Pristup
Vektor
Složenost
Autentikacija
NETWORK
LOW
NONE
Impact
Povjerljivost
Cjelovitost
Dostupnost
NONE
PARTIAL
NONE
CVSS vektor
AV:N/AC:L/Au:N/C:N/I:P/A:N
Zadnje važnije ažuriranje
22-05-2025 - 15:15
Objavljeno
01-01-2022 - 06:15
