Miggo Logo
Miggo Vulnerability Database
CVE-2021-41819

CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse

7.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2021-41819
GHSA ID
GHSA-4vf4-qmvg-mh7h
EPSS Score
0.7046%
CWE
CWE-565
Published
1/21/2022
Updated
1/24/2024
KEV Status
No
Technology
TechnologyRuby

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
cgirubygems= 0.3.00.3.1
cgirubygems= 0.2.00.2.1
cgirubygems< 0.1.0.10.1.0.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems directly from CGI::Cookie.parse's handling of cookie names. The function was decoding cookie names before processing(), which allowed manipulation of security prefixes through URL encoding. This matches the CWE-565 pattern of insufficient cookie validation. Multiple sources including Ruby's security advisory explicitly identify CGI::Cookie.parse as the vulnerable component. The patch corrected this by removing URL decoding from cookie name processing().

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

**I::*ooki*.p*rs* in Ru*y t*rou** *.*.* mis**n*l*s s**urity pr**ix*s in *ooki* n*m*s. T*is *lso *****ts t** **I **m prior to v*rsions *.*.*, *.*.*, *.*.*, *n* *.*.*.* *or Ru*y.

Reasoning

T** vuln*r**ility st*ms *ir**tly *rom `**I::*ooki*.p*rs*`'s **n*lin* o* *ooki* n*m*s. T** *un*tion w*s ***o*in* *ooki* n*m*s ***or* `pro**ssin*()`, w*i** *llow** m*nipul*tion o* s**urity pr**ix*s t*rou** URL *n*o*in*. T*is m*t***s t** *W*-*** p*tt*rn