From 73f2b558c088a50eb9c68abcaab6e00b5d9e91bc Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 1 Dec 2021 07:52:35 +0100
Subject: Add CVE-2021-41819/ruby

---
 data/CVE/2021.list | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 6a5ce323a2..fe4f277c2b 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -6127,8 +6127,15 @@ CVE-2021-41821 (Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Int
 	NOT-FOR-US: Wazuh
 CVE-2021-41820
 	RESERVED
-CVE-2021-41819
+CVE-2021-41819 [Cookie Prefix Spoofing in CGI::Cookie.parse]
 	RESERVED
+	- ruby3.0 <unfixed>
+	- ruby2.7 <unfixed>
+	- ruby2.5 <removed>
+	- ruby2.3 <removed>
+	NOTE: Fixed in Ruby 3.0.3, 2.7.5, 2.6.9
+	NOTE: https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/
+	TODO: check upstream commits
 CVE-2021-41818
 	RESERVED
 CVE-2021-41817 [Regular Expression Denial of Service Vulnerability of Date Parsing Methods]
-- 
cgit v1.2.3