Ruby is vulnerable to denial of service. An attacker can crash the application through CGI.escape_html
by providing a very large string.
hackerone.com/reports/1328463
lists.fedoraproject.org/archives/list/[email protected]/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/
lists.fedoraproject.org/archives/list/[email protected]/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/
secdb.alpinelinux.org/v3.12/main.yaml
secdb.alpinelinux.org/v3.13/main.yaml
secdb.alpinelinux.org/v3.14/main.yaml
security-tracker.debian.org/tracker/CVE-2021-41816
security.netapp.com/advisory/ntap-20220303-0006/
www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/