CVE-2021-41819 - log

CVE-2021-41819 edited at 24 Nov 2021 17:30:28
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Content spoofing
Description
+ A security issue has been found in Ruby before versions 3.0.3, 2.7.5 and 2.6.9. A cookie prefix spoofing vulnerability was discovered in CGI::Cookie.parse in the cgi gem before versions 0.3.1, 0.2.1 and 0.1.1. An attacker could exploit this vulnerability to spoof security prefixes in cookie names, which may trick a vulnerable application. This is the same issue as CVE-2020-8184.
References
+ https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/
+ https://www.ruby-lang.org/en/news/2021/11/24/ruby-3-0-3-released/
+ https://www.ruby-lang.org/en/news/2021/11/24/ruby-2-7-5-released/
+ https://www.ruby-lang.org/en/news/2021/11/24/ruby-2-6-9-released/
+ https://github.com/ruby/cgi/commit/052eb3a828b0f99bca39cfd800f6c2b91307dbd5
CVE-2021-41819 created at 24 Nov 2021 17:19:02
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes