Updated ruby packages fix security vulnerabilityPublication date: 13 Dec 2022
Affected Mageia releases : 8
If an application that generates HTTP responses using the cgi gem with untrusted user input, an attacker can exploit it to inject a malicious HTTP response header and/or body. Also, the contents for a CGI::Cookie object were not checked properly. If an application creates a CGI::Cookie object based on user input, an attacker may exploit it to inject invalid attributes in Set-Cookie header. Such applications are unlikely, but a change is included to check arguments for CGI::Cookie#initialize preventatively.