GHSA-5cqm-crxm-6qpv

Source

https://github.com/advisories/GHSA-5cqm-crxm-6qpv

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-5cqm-crxm-6qpv/GHSA-5cqm-crxm-6qpv.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-5cqm-crxm-6qpv

Aliases

CVE-2021-41816

Related

CGA-rwv5-454x-4xjp

Published

2021-12-14T21:36:20Z

Modified

2024-03-10T05:18:37.963070Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Buffer overrun in CGI.escape_html

Details

A buffer overrun vulnerability was discovered in CGI.escapehtml. This can lead to a buffer overflow when a user passes a very large string (> 700 MB) to CGI.escapehtml on a platform where long type takes 4 bytes, typically, Windows.

References

Affected packages

RubyGems / cgi

Package

Name: cgi
Purl: pkg:gem/cgi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.3.0

Fixed

0.3.1

Affected versions

0.*

0.3.0

RubyGems / cgi

Package

Name: cgi
Purl: pkg:gem/cgi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.2.0

Fixed

0.2.1

Affected versions

0.*

0.2.0

RubyGems / cgi

Package

Name: cgi
Purl: pkg:gem/cgi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.1.0.1

Affected versions

0.*

0.1.0