GMS-2021-17: Duplicate of ./gem/cgi/CVE-2021-41816.yml
A security vulnerability that causes a buffer overflow when you pass a very large string ( MB) to CGI.escape_html on a platform where the long type takes 4 bytes, typically Windows.
Please update the cgi gem to,1,1 or later. You can use gem update cgi to update it. If you are using Bundler, please add gem "cgi", " " to your Gemfile. Alternatively, please update Ruby to
This issue has been introduced since Ruby, so the cgi version bundled with Ruby is not vulnerable.