GHSA-5cqm-crxm-6qpv

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-5cqm-crxm-6qpv/GHSA-5cqm-crxm-6qpv.json
Aliases
  • CVE-2021-41816
Published
2021-12-14T21:36:20Z
Modified
2022-05-18T04:16:35.257903Z
Details

A security vulnerability that causes a buffer overflow when a very large string (> 700 MB) is passed to CGI.escape_html on a platform where the long type is 4 bytes, typically Windows. Please update the cgi gem to version 0.3.1, 0.2.1, or 0.1.1 or later. You can use gem update cgi to update it. If you are using bundler, please add gem "cgi", ">= 0.3.1" to your Gemfile. Alternatively, please update Ruby to 2.7.5 or 3.0.3. This issue was introduced in Ruby 2.7, so the cgi version bundled with Ruby 2.6 is not vulnerable.
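A defender's check for this advisory, added here and not part of the advisory or the cgi gem itself: it tests a cgi version string against the three affected ranges recorded in this advisory, reports whether the running interpreter has a 4-byte long, and wraps CGI.escapeHTML with an input-size cap for hosts still waiting on the update. The 64 MB default cap and the helper names are my own assumptions.

```ruby
# Added example, not part of the advisory: version check against the affected
# ranges this advisory lists, plus a defensive input-size cap around
# CGI.escapeHTML for hosts that cannot upgrade immediately.
require "rubygems"
require "cgi"

# [introduced, fixed) ranges for the cgi gem, copied from the advisory.
CGI_AFFECTED_RANGES = [
  ["0",     "0.1.1"],
  ["0.2.0", "0.2.1"],
  ["0.3.0", "0.3.1"],
].map { |lo, hi| [Gem::Version.new(lo), Gem::Version.new(hi)] }.freeze

# True when a cgi gem version string falls inside an affected range.
def cgi_vulnerable?(version_string)
  v = Gem::Version.new(version_string)
  CGI_AFFECTED_RANGES.any? { |lo, hi| v >= lo && v < hi }
end

# Size of the C `long` type on this interpreter (4 on Windows, 8 on most
# 64-bit Unix builds); the overflow in the advisory needs a 4-byte long.
def native_long_bytes
  [0].pack("l!").bytesize
end

# Describes exposure of the cgi gem loaded in this process. The version is
# read from CGI::VERSION when defined, otherwise from the loaded gemspec.
def installed_cgi_status
  version = defined?(CGI::VERSION) ? CGI::VERSION : Gem.loaded_specs["cgi"]&.version&.to_s
  return "cgi version unknown" unless version
  exposed = cgi_vulnerable?(version) && native_long_bytes == 4
  "cgi #{version}: #{exposed ? 'vulnerable (update the gem)' : 'not exposed'}"
end

# Defensive wrapper for unpatched hosts: refuse inputs above a byte cap well
# under the ~700 MB the advisory names, then escape normally. The 64 MB
# default is an assumed value, not one taken from the advisory.
def escape_html_bounded(str, max_bytes: 64 * 1024 * 1024)
  raise ArgumentError, "input of #{str.bytesize} bytes exceeds #{max_bytes}" if str.bytesize > max_bytes
  CGI.escapeHTML(str)
end

if __FILE__ == $0
  puts installed_cgi_status
  puts escape_html_bounded("<script>alert(1)</script>")
end
```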

References

Affected packages

RubyGems / cgi

cgi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.3.0
Fixed
0.3.1

Affected versions

0.*

0.3.0

RubyGems / cgi

cgi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.2.0
Fixed
0.2.1

Affected versions

0.*

0.2.0

RubyGems / cgi

cgi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
0.1.1

Affected versions

0.*

0.1.0