Improper Authentication Affecting cgi Open this link in a new tab package, versions >=0.3.0, <0.3.1 >=0.2.0, <0.2.1 <0.1.1
Proof of concept
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
23 Jan 2022
21 Jan 2022
How to fix?
cgi to version 0.3.1, 0.2.1, 0.1.1 or higher.
cgi is a Support for the Common Gateway Interface protocol.
Affected versions of this package are vulnerable to Improper Authentication.
CGI::Cookie.parse mishandles security prefixes in cookie names by applying URL decoding to cookie names.
An attacker could exploit this vulnerability to spoof security prefixes in cookie names, which may be able to trick a vulnerable application.