CVE-2021-41819 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Content spoofing
Description	A security issue has been found in Ruby before versions 3.0.3, 2.7.5 and 2.6.9. A cookie prefix spoofing vulnerability was discovered in CGI::Cookie.parse in the cgi gem before versions 0.3.1, 0.2.1 and 0.1.1. An attacker could exploit this vulnerability to spoof security prefixes in cookie names, which may be able to trick a vulnerable application. This is the same issue of CVE-2020-8184.

Group	Package	Affected	Fixed	Severity	Status
AVG-2557	ruby2.6	2.6.8-2		Medium	Unknown
AVG-2556	ruby2.7	2.7.4-2	2.7.5-1	Medium	Fixed
AVG-2555	ruby	3.0.2-2	3.0.3-1	Medium	Fixed

References
https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/ https://www.ruby-lang.org/en/news/2021/11/24/ruby-3-0-3-released/ https://www.ruby-lang.org/en/news/2021/11/24/ruby-2-7-5-released/ https://www.ruby-lang.org/en/news/2021/11/24/ruby-2-6-9-released/ https://github.com/ruby/cgi/commit/052eb3a828b0f99bca39cfd800f6c2b91307dbd5

References

https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/
https://www.ruby-lang.org/en/news/2021/11/24/ruby-3-0-3-released/
https://www.ruby-lang.org/en/news/2021/11/24/ruby-2-7-5-released/
https://www.ruby-lang.org/en/news/2021/11/24/ruby-2-6-9-released/
https://github.com/ruby/cgi/commit/052eb3a828b0f99bca39cfd800f6c2b91307dbd5