Mageia: 2022-0455 Urgent: SQL Injection Vulnerability in Python
mageia
December 13, 2022
If an application that generates HTTP responses using the cgi gem with untrusted user input, an attacker can exploit it to inject a malicious HTTP response header and/or body
Summary
If an application that generates HTTP responses using the cgi gem with
untrusted user input, an attacker can exploit it to inject a malicious
HTTP response header and/or body.
Also, the contents for a CGI::Cookie object were not checked properly. If
an application creates a CGI::Cookie object based on user input, an
attacker may exploit it to inject invalid attributes in Set-Cookie header.
Such applications are unlikely, but a change is included to check
arguments for CGI::Cookie#initialize preventatively.
References
- https://bugs.mageia.org/show_bug.cgi?id=31187
- https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YACE6ORF2QBXXBK2V2CM36D7TZMEJVAS/
- https://www.cve.org/CVERecord?id=CVE-2021-33621
Topics Covered
Resolution
SRPMS
- 8/core/ruby-2.7.7-33.6.mga8
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Publication date: 13 Dec 2022
URL: https://advisories.mageia.org/MGASA-2022-0454.html
Type: security
CVE: CVE-2021-33621
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!