GHSA-5cqm-crxm-6qpv

Source
https://github.com/advisories/GHSA-5cqm-crxm-6qpv
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-5cqm-crxm-6qpv/GHSA-5cqm-crxm-6qpv.json
Aliases
Published
2021-12-14T21:36:20Z
Modified
2024-03-10T05:18:37.963070Z
Summary
Buffer overrun in CGI.escape_html
Details

A buffer overrun vulnerability was discovered in CGI.escape_html. This can lead to a buffer overflow when a user passes a very large string (> 700 MB) to CGI.escape_html on a platform where the long type takes 4 bytes, typically Windows.

References

Affected packages

RubyGems / cgi

Package

Name
cgi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.3.0
Fixed
0.3.1

Affected versions

0.*

0.3.0

RubyGems / cgi

Package

Name
cgi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.2.0
Fixed
0.2.1

Affected versions

0.*

0.2.0

RubyGems / cgi

Package

Name
cgi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
0.1.0.1

Affected versions

0.*

0.1.0