Vulnerabilities (CVE)

Filtered by vendor Ruby-lang Subscribe

Filtered by product Cgi

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-33621	2 Fedoraproject, Ruby-lang	3 Fedora, Cgi, Ruby	2023-08-08	N/A	8.8 HIGH
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
CVE-2021-41819	6 Debian, Fedoraproject, Opensuse and 3 more	9 Debian Linux, Fedora, Factory and 6 more	2022-05-08	5.0 MEDIUM	7.5 HIGH
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.