Description
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
Remediation
References
Related Vulnerabilities
WordPress Plugin YITH Custom Thank You Page for Woocommerce Security Bypass (1.1.6)
Artifactory Insufficiently Protected Credentials Vulnerability (CVE-2020-2165)
Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-24554)