[FREEBSD:84AB03B6-6C20-11ED-B519-080027F5FEC9] rubygem-cgi -- HTTP response splitting vulnerability
Severity
High
Affected Packages
6
CVEs
1
Hiroshi Tokumaru reports:
If an application that generates HTTP responses using the
cgi gem with untrusted user input, an attacker can exploit
it to inject a malicious HTTP response header and/or body.
Also, the contents for a CGI::Cookie object
were not checked properly. If an application creates a
CGI::Cookie object based on user input, an
attacker may exploit it to inject invalid attributes in
Set-Cookie header. We think such applications
are unlikely, but we have included a change to check
arguments for CGI::Cookie#initialize
preventatively.
| Package | Affected Version |
|---|---|
 pkg:freebsd/rubygem-cgi
|
< 0.3.4 |
|
pkg:freebsd/ruby32
|
< 3.2.0.r1,1 |
|
pkg:freebsd/ruby31
|
< 3.1.3,1 |
|
pkg:freebsd/ruby30
|
< 3.0.5,1 |
|
pkg:freebsd/ruby27
|
< 2.7.7,1 |
|
pkg:freebsd/ruby
|
< 2.7.7,1 |
- ID
- FREEBSD:84AB03B6-6C20-11ED-B519-080027F5FEC9
- Severity
- high
- Severity from
- CVE-2021-33621
- URL
- http://vuxml.freebsd.org/freebsd/84ab03b6-6c20-11ed-b519-080027f5fec9.html
- Published
-
2022-11-22T00:00:00
(21 months ago) - Modified
-
2022-11-24T00:00:00
(21 months ago) - Rights
- FreeBSD VuXML Security Team
- Other Advisories
-
-
ALAS2-2024-2503
-
ALPINE:CVE-2021-33621
-
ALSA-2023:3821
-
ALSA-2023:7025
-
ALSA-2024:1431
-
ALSA-2024:1576
-
ALSA-2024:3500
-
ALSA-2024:3838
-
ELSA-2023-3821
-
ELSA-2023-7025
-
ELSA-2024-1431
-
ELSA-2024-1576
-
ELSA-2024-3500
-
ELSA-2024-3838
-
FEDORA-2022-b9b710f199
-
FEDORA-2022-ef96a58bbe
-
FEDORA-2022-f0f6c6bec2
-
GLSA-202401-27
-
RHSA-2023:3821
-
RHSA-2023:7025
-
RHSA-2024:1431
-
RHSA-2024:1576
-
RHSA-2024:3500
-
RHSA-2024:3838
-
RUBYSEC:CGI-2021-33621
-
SSA:2022-328-01
-
SUSE-SU-2023:4176-1
-
USN-5806-1
-
USN-5806-2
-
USN-5806-3
-
USN-6181-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| FreeBSD VuXML |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:freebsd/rubygem-cgi |
rubygem-cgi
|
< 0.3.4 | ||||
| Affected | pkg:freebsd/ruby32 |
ruby32
|
< 3.2.0.r1,1 | ||||
| Affected | pkg:freebsd/ruby31 |
ruby31
|
< 3.1.3,1 | ||||
| Affected | pkg:freebsd/ruby30 |
ruby30
|
< 3.0.5,1 | ||||
| Affected | pkg:freebsd/ruby27 |
ruby27
|
< 2.7.7,1 | ||||
| Affected | pkg:freebsd/ruby |
ruby
|
< 2.7.7,1 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |