CVE-2021-33621

CVSS v3.1 8.8 (High)
EPSS 0.52% (77th percentile)
Affected Products 3
Advisories 32

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.

Weaknesses
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2022-11-18 23:15:18
(22 months ago)
Updated Date
2024-01-24 05:15:10
(7 months ago)

Affected Products

Configuration #1

| Product | CPE23 | From | Up To |
|---|---|---|---|
| Ruby-lang Cgi for Ruby, versions before 0.1.0.2 | cpe:2.3:a:ruby-lang:cgi::*:*:*:*:ruby | | < 0.1.0.2 |
| Ruby-lang Cgi for Ruby, versions from 0.2.0 and before 0.2.2 | cpe:2.3:a:ruby-lang:cgi::*:*:*:*:ruby | >= 0.2.0 | < 0.2.2 |
| Ruby-lang Cgi for Ruby, versions from 0.3.0 and before 0.3.5 | cpe:2.3:a:ruby-lang:cgi::*:*:*:*:ruby | >= 0.3.0 | < 0.3.5 |

Configuration #2

| Product | CPE23 | From | Up To |
|---|---|---|---|
| Fedoraproject Fedora 35 | cpe:2.3:o:fedoraproject:fedora:35 | | |
| Fedoraproject Fedora 36 | cpe:2.3:o:fedoraproject:fedora:36 | | |
| Fedoraproject Fedora 37 | cpe:2.3:o:fedoraproject:fedora:37 | | |

Configuration #3

| Product | CPE23 | From | Up To |
|---|---|---|---|
| Ruby-lang Ruby, versions from 2.7.0 and before 2.7.7 | cpe:2.3:a:ruby-lang:ruby | >= 2.7.0 | < 2.7.7 |
| Ruby-lang Ruby, versions from 3.0.0 and before 3.0.5 | cpe:2.3:a:ruby-lang:ruby | >= 3.0.0 | < 3.0.5 |
| Ruby-lang Ruby, versions from 3.1.0 and before 3.1.3 | cpe:2.3:a:ruby-lang:ruby | >= 3.1.0 | < 3.1.3 |