{"vulnerability": "CVE-2021-4181", "sightings": [{"uuid": "a36ccc77-036a-4187-a725-ed6cd20730cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41810", "type": "seen", "source": "https://t.me/cibsecurity/41775", "content": "\u203c CVE-2021-41810 \u203c\n\nAdmin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-03T00:28:03.000000Z"}, {"uuid": "e81aea3e-a169-4215-8935-2e113ed62773", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41819", "type": "seen", "source": "https://t.me/ctinow/46312", "content": "Internet Bug Bounty: Ruby CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse\n\nhttps://ift.tt/IrhKyjg91", "creation_timestamp": "2022-02-03T06:41:38.000000Z"}, {"uuid": "4bc88cc6-d6c3-473b-ae89-8bbd8ec66188", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41819", "type": "seen", "source": "https://t.me/cibsecurity/34815", "content": "\u203c CVE-2021-41819 \u203c\n\nCGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-28T14:25:15.000000Z"}, {"uuid": "cae0ccf2-5c97-498f-8682-88ca373bc284", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41817", "type": "seen", "source": "https://t.me/cibsecurity/34809", "content": "\u203c CVE-2021-41817 \u203c\n\nDate.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-01T07:36:14.000000Z"}, {"uuid": "e136327d-8541-44bf-abe6-eb56332ebc66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4181", "type": "seen", "source": "https://t.me/cibsecurity/34774", "content": "\u203c CVE-2021-4181 \u203c\n\nCrash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-31T00:34:31.000000Z"}]}