[RUBYSEC:CGI-2021-33621] HTTP response splitting in CGI
Severity
High
Affected Packages
1
Fixed Packages
3
CVEs
1
cgi.rb in Ruby through 2.6.x, through 3.0x, and through 3.1.x allows HTTP
header injection. If a CGI application using the CGI library inserts
untrusted input into the HTTP response header, an attacker can exploit it to
insert a newline character to split a header, and inject malicious content to
deceive clients.
| Package | Affected Version |
|---|---|
 pkg:gem/cgi
|
< 0.3.5 |
| Package | Fixed Version |
|---|---|
|
pkg:gem/cgi
|
= 0.1.0.2 |
|
pkg:gem/cgi
|
= 0.2.2 |
|
pkg:gem/cgi
|
>= 0.3.5 |
- ID
- RUBYSEC:CGI-2021-33621
- Severity
- high
- URL
- https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/
- Published
-
2022-11-18T00:00:00
(22 months ago) - Modified
-
2023-05-15T18:05:13
(16 months ago) - Rights
- RubySec Security Team
- Other Advisories
-
-
ALAS2-2024-2503
-
ALPINE:CVE-2021-33621
-
ALSA-2023:3821
-
ALSA-2023:7025
-
ALSA-2024:1431
-
ALSA-2024:1576
-
ALSA-2024:3500
-
ALSA-2024:3838
-
ELSA-2023-3821
-
ELSA-2023-7025
-
ELSA-2024-1431
-
ELSA-2024-1576
-
ELSA-2024-3500
-
ELSA-2024-3838
-
FEDORA-2022-b9b710f199
-
FEDORA-2022-ef96a58bbe
-
FEDORA-2022-f0f6c6bec2
-
FREEBSD:84AB03B6-6C20-11ED-B519-080027F5FEC9
-
GLSA-202401-27
-
RHSA-2023:3821
-
RHSA-2023:7025
-
RHSA-2024:1431
-
RHSA-2024:1576
-
RHSA-2024:3500
-
RHSA-2024:3838
-
SSA:2022-328-01
-
SUSE-SU-2023:4176-1
-
USN-5806-1
-
USN-5806-2
-
USN-5806-3
-
USN-6181-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| Security Advisory | GHSA-vc47-6rqg-c7f5 |
|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |