发布时间: 2023年1月6日
修改时间: 2024年10月31日
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | High | High |
| Attack Vector | Network | Network |
| CVSS评分 | 8.8 | 8.8 |
| Attack Complexity | Low | Low |
| Privileges Required | Low | Low |
| Scope | Unchanged | Unchanged |
| Integrity | High | High |
| User Interaction | None | None |
| Availability | High | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2023-1018 | ruby security update | 2023年1月6日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | ruby | Fixed |
| KY3.4-5A | ruby | Fixed |
| KY3.5.1 | ruby | Fixed |
| KY3.5.2 | ruby | Fixed |
