PT-2021-7376 · Ruby+11

Oooooo_Q · Published 2021-11-24 · Updated 2025-12-12 · CVE-2021-41819

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions: Ruby versions through 2.6.8; CGI gem versions through 0.3.0
Description: The issue is related to the CGI::Cookie.parse function in Ruby, which mishandles security prefixes in cookie names. This allows a remote attacker to impact data integrity. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.
Recommendations: For Ruby versions through 2.6.8, update to a version later than 2.6.8 to resolve the issue. For CGI gem versions through 0.3.0, update to a version later than 0.3.0 to resolve the issue. As a temporary workaround, consider restricting the use of the CGI::Cookie.parse function until a patch is available.

Related Identifiers

ALSA-2022:0543
ALSA-2022:5779
ALSA-2022:6447
ALSA-2022:6450
ALSA-2022_5779
ALSA-2022_6447
ALSA-2022_6450
ALSA-2025_16880
ALT-PU-2021-3482
ALT-PU-2022-2699
ALT-PU-2023-4264
ALT-PU-2024-7811
AZL-7126
BDU:2022-05837
BIT-RUBY-2021-41819
BIT-RUBY-MIN-2021-41819
CESA-2022_0543
CESA-2022_5779
CESA-2022_6447
CESA-2022_6450
CVE-2021-41819
DLA-2853-1
DSA-5066-1
DSA-5067-1
ELSA-2022-0543
ELSA-2022-5779
ELSA-2022-6447
ELSA-2022-6450
GHSA-4VF4-QMVG-MH7H
MGASA-2021-0579
OESA-2022-1497
OPENSUSE-SU-2022_3292-1
OPENSUSE-SU-2024:11657-1
OPENSUSE-SU-2024:11658-1
OPENSUSE-SU-2024:11786-1
OPENSUSE-SU-2024:12712-1
OPENSUSE-SU-2024:13623-1
OPENSUSE-SU-2025:14621-1
OPENSUSE-SU-2025:15819-1
RHSA-2022:0543
RHSA-2022:0544
RHSA-2022:0581
RHSA-2022:0582
RHSA-2022:0708
RHSA-2022:5779
RHSA-2022:6447
RHSA-2022:6450
RHSA-2022:6855
RHSA-2022:6856
RHSA-2022_0543
RHSA-2022_5779
RHSA-2022_6447
RHSA-2022_6450
RHSA-2026:7305
RHSA-2026:7307
RHSA-2026:8838
RLSA-2022:0543
RLSA-2022:5779
RLSA-2022:6447
RLSA-2022:6450
RLSA-2022_0543
RLSA-2022_5779
RLSA-2022_6447
RLSA-2022_6450
SUSE-SU-2022:3292-1
SUSE-SU-2022_3292-1
USN-5235-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Cgi Gem
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Ruby
Suse
Ubuntu