Описание
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
A flaw was found in Ruby. RubyGems cgi gem could allow a remote attacker to conduct spoofing attacks caused by the mishandling of security prefixes in cookie names in the CGI::Cookie.parse function. By sending a specially-crafted request, an attacker could perform cookie prefix spoofing attacks.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ruby | Out of support scope | ||
| Red Hat Enterprise Linux 7 | ruby | Out of support scope | ||
| Red Hat Enterprise Linux 9 | ruby | Not affected | ||
| Red Hat Enterprise Linux 8 | ruby | Fixed | RHSA-2022:0543 | 16.02.2022 |
| Red Hat Enterprise Linux 8 | ruby | Fixed | RHSA-2022:5779 | 01.08.2022 |
| Red Hat Enterprise Linux 8 | ruby | Fixed | RHSA-2022:6447 | 13.09.2022 |
| Red Hat Enterprise Linux 8 | ruby | Fixed | RHSA-2022:6450 | 13.09.2022 |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | ruby | Fixed | RHSA-2022:0581 | 21.02.2022 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | ruby | Fixed | RHSA-2022:0582 | 21.02.2022 |
| Red Hat Enterprise Linux 8.4 Extended Update Support | ruby | Fixed | RHSA-2022:0544 | 16.02.2022 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes i ...
EPSS
7.5 High
CVSS3