A security issue has been found in Ruby before versions 3.0.3, 2.7.5 and 2.6.9. A cookie prefix spoofing vulnerability was discovered in CGI::Cookie.parse in the cgi gem before versions 0.3.1, 0.2.1 and 0.1.1. An attacker could exploit this vulnerability to spoof security prefixes in cookie names, which may be able to trick a vulnerable application. This is the same issue of CVE-2020-8184.
A security issue has been found in Ruby before versions 3.0.3, 2.7.5 and 2.6.9. A cookie prefix spoofing vulnerability was discovered in CGI::Cookie.parse in the cgi gem before versions 0.3.1, 0.2.1 and 0.1.1. An attacker could exploit this vulnerability to spoof security prefixes in cookie names, which may be able to trick a vulnerable application. This is the same issue of CVE-2020-8184.
https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/ https://www.ruby-lang.org/en/news/2021/11/24/ruby-3-0-3-released/ https://www.ruby-lang.org/en/news/2021/11/24/ruby-2-7-5-released/ https://www.ruby-lang.org/en/news/2021/11/24/ruby-2-6-9-released/ https://github.com/ruby/cgi/commit/052eb3a828b0f99bca39cfd800f6c2b91307dbd5