Improper Authentication Affecting cgi package, versions >=0.3.0 <0.3.1; >=0.2.0 <0.2.1; <0.1.1
Snyk CVSS
- Attack Complexity: Low
- Integrity: High
Threat Intelligence
- Exploit Maturity: Proof of concept
- EPSS: 0.39% (73rd percentile)
- Snyk ID SNYK-RUBY-CGI-2359027
- published 23 Jan 2022
- disclosed 21 Jan 2022
- credit ooooooo_q
Introduced: 21 Jan 2022
CVE-2021-41819
How to fix?
Upgrade cgi to version 0.3.1, 0.2.1, 0.1.1 or higher.
Overview
cgi is a Ruby library providing support for the Common Gateway Interface protocol.
Affected versions of this package are vulnerable to Improper Authentication. CGI::Cookie.parse mishandles security prefixes in cookie names because it applies URL decoding to the cookie names before the prefix is considered.
An attacker could exploit this vulnerability to spoof security prefixes in cookie names, which may trick a vulnerable application into treating an ordinary cookie as a prefixed one.
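To make the defect concrete from a defender's side, the following is an added Ruby example, not code from the cgi gem: a minimal Cookie-header parser written in the weak shape the advisory describes (names URL-decoded before anything looks at them) beside a hardened variant that judges the `__Secure-`/`__Host-` prefix on the raw wire-format name, plus a small detection helper usable over request logs. All function names (`url_decode`, `split_cookie_header`, `prefix_spoofed?`, `parse_cookies_weak`, `parse_cookies_hardened`, `spoofed_prefix_names`) and the sample header are constructed for this illustration.

```ruby
require "uri"

# The two cookie-name security prefixes that browsers enforce.
SECURITY_PREFIXES = ["__Secure-", "__Host-"].freeze

# URL-decode one token; on a malformed %-escape keep the raw token.
def url_decode(token)
  URI.decode_www_form_component(token)
rescue ArgumentError
  token
end

# Split a raw Cookie header into [raw_name, raw_value] pairs, no decoding applied.
def split_cookie_header(header)
  header.to_s.split(/;\s*/).filter_map do |pair|
    name, value = pair.split("=", 2)
    name = name.to_s.strip
    next if name.empty?
    [name, value.to_s]
  end
end

# True when a name carries a security prefix only after decoding:
# the raw form lacks it, the decoded form has it.
def prefix_spoofed?(raw_name)
  decoded = url_decode(raw_name)
  SECURITY_PREFIXES.any? { |p| decoded.start_with?(p) && !raw_name.start_with?(p) }
end

# Weak behaviour, modelled on the advisory's description (not the gem's own code):
# names are decoded before any prefix check, so "%5F%5FHost-id" becomes "__Host-id".
def parse_cookies_weak(header)
  split_cookie_header(header).to_h { |n, v| [url_decode(n), url_decode(v)] }
end

# Hardened behaviour: decide prefix status on the raw name and drop spoofed
# entries, so a genuine __Host- cookie cannot be overwritten by an encoded lookalike.
def parse_cookies_hardened(header)
  result = {}
  split_cookie_header(header).each do |raw_name, raw_value|
    next if prefix_spoofed?(raw_name)
    result[url_decode(raw_name)] = url_decode(raw_value)
  end
  result
end

# Detection helper for a proxy or request log: raw names that gain a
# security prefix only through decoding.
def spoofed_prefix_names(header)
  split_cookie_header(header).filter_map { |raw_name, _| raw_name if prefix_spoofed?(raw_name) }
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample header: a real __Host- cookie next to an encoded lookalike.
  header = "__Host-session=abc; %5F%5FHost-session=evil; theme=dark"
  p parse_cookies_weak(header)      # {"__Host-session"=>"evil", "theme"=>"dark"}
  p parse_cookies_hardened(header)  # {"__Host-session"=>"abc", "theme"=>"dark"}
  p spoofed_prefix_names(header)    # ["%5F%5FHost-session"]
end
```

The design point is that the prefix decision and the decoding step must not be reordered: whatever the browser enforced, it enforced on the literal bytes of the name, so that is the form the server must inspect. The detection helper flags the same condition without changing application behaviour, which is useful for spotting probing against an application that has not yet been upgraded.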