CVE-2021-41819

Severity: Medium
Remote: Yes
Type: Content spoofing

A security issue has been found in Ruby before versions 3.0.3, 2.7.5 and 2.6.9. A cookie prefix spoofing vulnerability was discovered in CGI::Cookie.parse in the cgi gem before versions 0.3.1, 0.2.1 and 0.1.1. An attacker could exploit this vulnerability to spoof security prefixes in cookie names, which may allow them to trick a vulnerable application. This is the same issue as CVE-2020-8184.

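| Group    | Package | Affected | Fixed   | Severity | Status  | Ticket |
|----------|---------|----------|---------|----------|---------|--------|
| AVG-2557 | ruby2.6 | 2.6.8-2  |         | Medium   | Unknown |        |
| AVG-2556 | ruby2.7 | 2.7.4-2  | 2.7.5-1 | Medium   | Fixed   |        |
| AVG-2555 | ruby    | 3.0.2-2  | 3.0.3-1 | Medium   | Fixed   |        |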