CGI.escape_html in Ruby prior to 2.7.5 and 3.x prior to 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem prior to 0.3.1 for Ruby.
Vulnerable products:

- ruby-lang cgi
- fedoraproject fedora 34
- fedoraproject fedora 35