Search CVE reports
CVE-2021-41819
Medium priority
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
4 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ruby2.3 | — | — | — | — | Fixed |
ruby2.5 | — | — | — | Fixed | Ignored |
ruby2.7 | — | — | Fixed | — | Ignored |
ruby3.0 | — | Fixed | — | — | Ignored |
CVE-2021-41817
Medium priority
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
4 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ruby2.3 | — | — | — | — | Fixed |
ruby2.5 | — | — | — | Fixed | Ignored |
ruby2.7 | — | — | Fixed | — | Ignored |
ruby3.0 | — | Fixed | — | — | Ignored |
CVE-2021-41816
Medium priority
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also...
4 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ruby2.3 | — | — | — | — | Not affected |
ruby2.5 | — | — | — | Not affected | Ignored |
ruby2.7 | — | — | Fixed | — | Ignored |
ruby3.0 | — | Fixed | — | — | Ignored |