diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2021-12-01 07:52:35 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-12-01 07:52:35 +0100 |
commit | 73f2b558c088a50eb9c68abcaab6e00b5d9e91bc (patch) | |
tree | 6b903ab06c22e3abe7e4b6412fd3c6fa3ce22b04 | |
parent | 32b301fe5748ebb3925d46eece7c7aff1f741198 (diff) |
Add CVE-2021-41819/ruby
-rw-r--r-- | data/CVE/2021.list | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 6a5ce323a2..fe4f277c2b 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -6127,8 +6127,15 @@ CVE-2021-41821 (Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Int NOT-FOR-US: Wazuh CVE-2021-41820 RESERVED -CVE-2021-41819 +CVE-2021-41819 [Cookie Prefix Spoofing in CGI::Cookie.parse] RESERVED + - ruby3.0 <unfixed> + - ruby2.7 <unfixed> + - ruby2.5 <removed> + - ruby2.3 <removed> + NOTE: Fixed in Ruby 3.0.3, 2.7.5, 2.6.9 + NOTE: https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/ + TODO: check upstream commits CVE-2021-41818 RESERVED CVE-2021-41817 [Regular Expression Denial of Service Vulnerability of Date Parsing Methods] |