Improper Authentication Affecting cgi Open this link in a new tab package, versions >=0.3.0, <0.3.1 >=0.2.0, <0.2.1 <0.1.1


0.0
high
  • Exploit Maturity

    Proof of concept

  • Attack Complexity

    Low

  • Integrity

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-RUBY-CGI-2359027

  • published

    23 Jan 2022

  • disclosed

    21 Jan 2022

  • credit

    ooooooo_q

How to fix?

Upgrade cgi to version 0.3.1, 0.2.1, 0.1.1 or higher.

Overview

cgi is a Support for the Common Gateway Interface protocol.

Affected versions of this package are vulnerable to Improper Authentication. CGI::Cookie.parse mishandles security prefixes in cookie names by applying URL decoding to cookie names. An attacker could exploit this vulnerability to spoof security prefixes in cookie names, which may be able to trick a vulnerable application.