AZL-7126

See a problem?
Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-7126.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-7126
Upstream
Published
2022-01-01T06:15:07Z
Modified
2026-04-01T05:22:01.991837Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
CVE-2021-41819 affecting package ruby for versions less than 3.1.2-2
Details

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.

References

Affected packages

Azure Linux:2 / ruby

Package

Name
ruby
Purl
pkg:rpm/azure-linux/ruby

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.2-2

Database specific

source 
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-7126.json"