CVE-2021-41816 - log

CVE-2021-41816 edited at 24 Nov 2021 17:32:20
Description
- A security issue has been found in Ruby before versions 3.0.3 and 2.7.5. A buffer overrun vulnerability was discovered in CGI.escape_html.
+ A security issue has been found in Ruby before versions 3.0.3 and 2.7.5. A buffer overrun vulnerability was discovered in the cgi gem before versions 0.3.1, 0.2.1 and 0.1.1 when you pass a very large string (> 700 MB) to CGI.escape_html on a platform where long type takes 4 bytes, typically, Windows.
CVE-2021-41816 edited at 24 Nov 2021 17:25:39
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
CVE-2021-41816 edited at 24 Nov 2021 17:25:32
Description
+ A security issue has been found in Ruby before versions 3.0.3 and 2.7.5. A buffer overrun vulnerability was discovered in CGI.escape_html.
References
+ https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/
+ https://www.ruby-lang.org/en/news/2021/11/24/ruby-3-0-3-released/
+ https://www.ruby-lang.org/en/news/2021/11/24/ruby-2-7-5-released/
+ https://hackerone.com/reports/1328463
+ https://github.com/ruby/cgi/commit/c728632c1c09d46cfd4ecbff9caaa3651dd1002a
CVE-2021-41816 created at 24 Nov 2021 17:19:02
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes