Description

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.

Remediation

References

CVE-2021-41819

Related Vulnerabilities

WordPress Plugin YITH Custom Thank You Page for Woocommerce Security Bypass (1.1.6)

Artifactory Insufficiently Protected Credentials Vulnerability (CVE-2020-2165)

Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-24554)

Envoy Proxy CVE-2024-23324 Vulnerability (CVE-2024-23324)

WordPress Plugin Flexi Quote Rotator SQL Injection and Cross-Site Request Forgery Vulnerabilities (0.9)

Severity

High

Classification

CVE-2021-41819 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities