CVE-2021-41819
Severity: High · Public PoC
Published: 01 January 2022
Modified: 22 May 2025
KEV Added: —
Patch: —
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS Score: 0.0076 (73.9th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2021-41819 is a high-severity Reliance on Cookies without Validation and Integrity Checking (CWE-565) vulnerability in Ruby-Lang Cgi. Its CVSS base score is 7.5 (High).
Operationally, it ranks in the top 26.1% of CVEs by exploit likelihood (EPSS 0.0076, 73.9th percentile); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-0449
Vulnerability details
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
- CWE(s): CWE-565 (Reliance on Cookies without Validation and Integrity Checking)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
(vendor / product: affected versions)
- ruby-lang / cgi: 0.1.0, 0.2.0, 0.3.0
- ruby-lang / ruby: ≤ 2.6.8 · 2.7.0 — 2.7.5 · 3.0.0 — 3.0.3
- redhat / software collections: all versions
- redhat / enterprise linux: 8.0
- debian / debian linux: 10.0, 11.0, 9.0
- suse / linux enterprise: 11.0, 12.0, 15.0
- opensuse / factory: all versions
- opensuse / leap: 15.2
- fedoraproject / fedora: 34, 35
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.