Описание
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | needs-triage | |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/noble | needs-triage | |
| esm-apps/xenial | needs-triage | |
| esm-infra-legacy/trusty | needs-triage | |
| focal | ignored | end of standard support, was needs-triage |
| jammy | DNE | |
| kinetic | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| trusty | ignored | end of standard support |
| upstream | needs-triage | |
| xenial | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| trusty | ignored | end of standard support |
| upstream | needs-triage | |
| xenial | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| esm-infra/focal | DNE | |
| esm-infra/xenial | released | 2.3.1-2~ubuntu16.04.16+esm4 |
| focal | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| trusty | DNE | |
| upstream | released | |
| xenial | ignored | end of standard support |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2.5.1-1ubuntu1.13 |
| esm-infra/bionic | not-affected | 2.5.1-1ubuntu1.13 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| trusty | DNE | |
| upstream | needs-triage | |
| xenial | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| esm-infra/focal | not-affected | 2.7.0-5ubuntu1.8 |
| focal | released | 2.7.0-5ubuntu1.8 |
| jammy | DNE | |
| kinetic | DNE | |
| trusty | DNE | |
| upstream | needs-triage | |
| xenial | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | released | 3.0.2-7ubuntu2.3 |
| kinetic | released | 3.0.4-7ubuntu0.1 |
| lunar | DNE | |
| mantic | DNE | |
| noble | DNE | |
| oracular | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| kinetic | released | 3.1.2-2ubuntu0.22.10.1 |
| lunar | not-affected | 3.1.2-6 |
| mantic | not-affected | 3.1.2-6 |
| noble | DNE | |
| oracular | DNE |
Показывать по
Ссылки на источники
8.8 High
CVSS3
Связанные уязвимости
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 ...
Уязвимость компонента CGI языка программирования Ruby, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
8.8 High
CVSS3