Description
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
Remediation
References
Related Vulnerabilities
WordPress Plugin Email Queue by BestWebSoft Cross-Site Request Forgery (1.0.0)
WordPress 4.1.x Denial of Service Vulnerability (4.1 - 4.1.22)
WordPress Plugin Customer Reviews for WooCommerce Local File Inclusion (5.15.0)
WordPress 4.9.x Multiple Vulnerabilities (4.9 - 4.9.10)
WordPress Plugin External Media without Import Cross-Site Scripting (1.0.1)