Examples and info on creating route constraints for those times when you’d like a little more control over your routes.
Author: Michael G
CVE-2021-33621: HTTP response splitting in CGI
We have released the cgi gem version 0.3.5, 0.2.2, and 0.1.0.2 that has a security fix for a HTTP response splitting vulnerability.
This vulnerability has been assigned the CVE identifier CVE-2021-33621.
Details
If an application that generates HTTP responses using the cgi gem with untrusted user input, an attacker can exploit it to inject a malicious HTTP response header and/or body.
Also, the contents for a CGI::Cookie object were not checked properly. If an application creates a CGI::Cookie object based on user input, an attacker may exploit it to inject invalid attributes in Set-Cookie header. We think such applications are unlikely, but we have included a change to check arguments for CGI::Cookie#initialize preventatively.
Please update the cgi gem to version 0.3.5, 0.2.2, and 0.1.0.2, or later. You can use gem update cgi to update it.
If you are using bundler, please add gem "cgi", ">= 0.3.5" to your Gemfile.
Affected versions
- cgi gem 0.3.3 or before
- cgi gem 0.2.1 or before
- cgi gem 0.1.1 or 0.1.0.1 or 0.1.0
Credits
Thanks to Hiroshi Tokumaru for discovering this issue.
History
- Originally published at 2022-11-22 02:00:00 (UTC)
Posted by mame on 22 Nov 2022
3 things sysadmins need to know about edge computing
As more edge devices appear on enterprise networks, sysadmins need the knowledge and tools to support them. Read More at Enable Sysadmin
The post 3 things sysadmins need to know about edge computing appeared first on Linux.com.
The best gift for anyone who wants to feel safer when they go online: Mozilla privacy products
The holidays are a wonderful time of the year where we are happily shopping for unique gifts for loved ones online. It also means we’re sharing our personal information online like giving out email addresses or phone numbers to sign up for discount programs or creating new accounts. Whenever we go online, we are asked […]
The post The best gift for anyone who wants to feel safer when they go online: Mozilla privacy products appeared first on The Mozilla Blog.
War Comes To America
Video by via Dailymotion Source “War Comes to America,” Bab VII dari seri “Why We Fight” karya Frank Capra, dimulai dengan merayakan nilai-nilai kebebasan dan kebebasan Amerika yang terancam oleh kekuatan agresif Jerman dan Jepang. Tahun-tahun awal perang dilihat dari perspektif Amerika Serikat, dengan fokus khusus pada keengganan rakyat Amerika untuk terlibat dalam konflik Eropa…
Memimpin Daerah Kelahiran | Teras Negeri Bersama Hendy Siswanto
Video by via Dailymotion Source Hendy Siswanto lahir dan besar di kampung Ledok, Kelurahan Jember Kidul, Kaliwates. Tak heran jika ia telah mengenal dan memahami potensi tanah kelahirannya, Jember.¬† Beliau telah menorehkan berbagai prestasi dalam karirnya di sektor perkeretaapian Indonesia. Salah satunya dengan mendapatkan penghargaan Satya Lencana Pembangunan dari presiden Republik Indonesia.¬†Setelah pensiun, kini Hendy…
Gujarat Election 2022: PM Modi का वार, Rahul Gandhi,Medha Patkar पर निशाना |वनइंडिया हिंदी|*Politics
Video by via Dailymotion Source Gujarat Election 2022: प्रधानमंत्री नरेंद्र मोदी (Narendra Modi) भी इस समय गुजरात दौरे पर हैं… और ताबड़तोड़ रैलियां कर रहे हैं… सुरेंद्रनगर (Surendra Nagar) में एक चुनावी जनसभा के दौरान पीएम मोदी (PM Modi) ने कांग्रेस (Congress) और राहुल गांधी (Rahul Gandhi) पर निशाना साधा। पीएम मोदी ने राहुल गांधी…