diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2021-12-01 07:49:42 +0100 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-12-01 07:49:42 +0100 |
| commit | 467a76f20e40fec8ac5e0b83b342fc4758bc123b (patch) | |
| tree | 48be619a92760bbee00be2830fe7973fa89dbc4a | |
| parent | a8f8d9003721a5bf16ee5a4c286617dde659d065 (diff) | |
Add CVE-2021-41816/ruby
| -rw-r--r-- | data/CVE/list.2021 | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 30be18fe1a..6a5ce323a2 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -6143,8 +6143,15 @@ CVE-2021-41817 [Regular Expression Denial of Service Vulnerability of Date Parsi NOTE: Followups to mimic previous behaviour: NOTE: https://github.com/ruby/date/commit/8f2d7a0c7e52cea8333824bd527822e5449ed83d (v3.2.2) NOTE: https://github.com/ruby/date/commit/376c65942bd1d81803f14d37351737df60ec4664 (v3.2.2) -CVE-2021-41816 +CVE-2021-41816 [Buffer Overrun in CGI.escape_html] RESERVED + - ruby3.0 <unfixed> + - ruby2.7 <unfixed> + - ruby2.5 <removed> + - ruby2.3 <removed> + NOTE: Fixed in Ruby 3.0.3, 2.7.5 + NOTE: https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/ + TODO: check upstream commits CVE-2021-41815 RESERVED CVE-2021-41814 |