vulnerability
FreeBSD: VID-4548ec97-4d38-11ec-a539-0800270512f4 (CVE-2021-41819): rubygem-cgi -- cookie prefix spoofing in CGI::Cookie.parse
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | Nov 24, 2021 | Nov 4, 2022 | Dec 10, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
Nov 24, 2021
Added
Nov 4, 2022
Modified
Dec 10, 2025
Description
ooooooo_q reports: The old versions of CGI::Cookie.parse applied URL decoding to cookie names. An attacker could exploit this vulnerability to spoof security prefixes in cookie names, which may be able to trick a vulnerable application. By this fix, CGI::Cookie.parse no longer decodes cookie names. Note that this is an incompatibility if cookie names that you are using include non-alphanumeric characters that are URL-encoded.
Solutions
freebsd-upgrade-package-rubyfreebsd-upgrade-package-ruby26freebsd-upgrade-package-ruby27freebsd-upgrade-package-ruby30freebsd-upgrade-package-rubygem-cgi
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.