CVE-2021-41819
gem/cgi
Reliance on Cookies without Validation and Integrity Checking in a Security Decision
CGI::Cookie.parse in Ruby mishandles security prefixes in cookie names. This also affects the CGI gem for Ruby.
All versions starting from 0.1.0 up to 0.3.0
Upgrade to version 0.3.1 or above.
2022-01-13
source |