CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-41816

CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.013

EPSS Ranking 78.8%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

Products affected by CVE-2021-41816

Ruby-Lang » Cgi » Version: 0.1.0

cpe:2.3:a:ruby-lang:cgi:0.1.0
Ruby-Lang » Cgi » Version: 0.1.1

cpe:2.3:a:ruby-lang:cgi:0.1.1
Ruby-Lang » Cgi » Version: 0.2.0

cpe:2.3:a:ruby-lang:cgi:0.2.0
Ruby-Lang » Cgi » Version: 0.2.1

cpe:2.3:a:ruby-lang:cgi:0.2.1
Ruby-Lang » Cgi » Version: 0.3.0

cpe:2.3:a:ruby-lang:cgi:0.3.0
Ruby-Lang » Ruby » Version: 2.7.0

cpe:2.3:a:ruby-lang:ruby:2.7.0
Ruby-Lang » Ruby » Version: 2.7.1

cpe:2.3:a:ruby-lang:ruby:2.7.1
Ruby-Lang » Ruby » Version: 2.7.2

cpe:2.3:a:ruby-lang:ruby:2.7.2
Ruby-Lang » Ruby » Version: 2.7.3

cpe:2.3:a:ruby-lang:ruby:2.7.3
Ruby-Lang » Ruby » Version: 2.7.4

cpe:2.3:a:ruby-lang:ruby:2.7.4
Ruby-Lang » Ruby » Version: 3.0.0

cpe:2.3:a:ruby-lang:ruby:3.0.0
Ruby-Lang » Ruby » Version: 3.0.1

cpe:2.3:a:ruby-lang:ruby:3.0.1
Ruby-Lang » Ruby » Version: 3.0.2

cpe:2.3:a:ruby-lang:ruby:3.0.2
Fedoraproject » Fedora » Version: 34

cpe:2.3:o:fedoraproject:fedora:34
Fedoraproject » Fedora » Version: 35

cpe:2.3:o:fedoraproject:fedora:35

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-41816

Products

Pricing

Contact Us