The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.

References

lists.debian.org/debian-lts-announce/2023/06/msg00012.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQR7LWED6VAPD5ATYOBZIGJQPCUBRJBX/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THVTYHHEOVLQFCFHWURZYO7PVUPBHRZD/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YACE6ORF2QBXXBK2V2CM36D7TZMEJVAS/

security.gentoo.org/glsa/202401-27

security.netapp.com/advisory/ntap-20221228-0004/

www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/

ubuntu 4

osv 16

openvas 20

fedora 3

nessus 48

cve 1

ubuntucve 1

cgr 1

nvd 1

hackerone 4

debiancve 1

slackware 1

freebsd 1

prion 1

veracode 1

redhatcve 1

alpinelinux 1

wolfi 1

mageia 1

amazon 1

github 1

cloudfoundry 1

photon 3

debian 1

oraclelinux 6

rocky 3

redhat 6

almalinux 6

ibm 2

gentoo 1

ubuntu

Ruby vulnerability

2023-03-20 00:00:00

Ruby vulnerability

2023-01-17 00:00:00

Ruby vulnerability

2023-01-23 00:00:00

osv

ruby2.3 vulnerability

2023-01-17 15:59:06

HTTP response splitting in CGI

2022-11-19 00:30:55

BIT-ruby-2021-33621

2024-03-06 11:05:00

openvas

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-1458)

2023-03-09 00:00:00

Fedora: Security Advisory for ruby (FEDORA-2022-f0f6c6bec2)

2022-12-09 00:00:00

Fedora: Security Advisory for ruby (FEDORA-2022-ef96a58bbe)

2022-12-08 00:00:00

fedora

[SECURITY] Fedora 35 Update: ruby-3.0.5-155.fc35

2022-12-09 00:49:28

[SECURITY] Fedora 37 Update: ruby-3.1.3-172.fc37

2022-12-08 02:06:38

[SECURITY] Fedora 36 Update: ruby-3.1.3-172.fc36

2022-12-08 01:56:31

nessus

EulerOS 2.0 SP9 : ruby (EulerOS-SA-2023-1483)

2023-03-09 00:00:00

FreeBSD : rubygem-cgi -- HTTP response splitting vulnerability (84ab03b6-6c20-11ed-b519-080027f5fec9)

2022-11-25 00:00:00

Ubuntu 16.04 ESM : Ruby vulnerability (USN-5806-1)

2023-01-17 00:00:00

cve

CVE-2021-33621

2022-11-18 23:15:18

ubuntucve

CVE-2021-33621

2022-11-18 00:00:00

cgr

CVE-2021-33621 vulnerabilities

2024-05-19 03:07:16

nvd

CVE-2021-33621

2022-11-18 23:15:18

hackerone

Internet Bug Bounty: Security Unfavorable Specifications and Implementations in the CGI::Cookie Class

2023-03-01 08:03:28

Internet Bug Bounty: Ruby's CGI library has HTTP response splitting (HTTP header injection), leaking confidential information

2023-03-01 07:59:07

Ruby: CGI::Cookieクラスにおけるセキュリティ上好ましくない仕様および実装

2021-05-21 12:21:26

debiancve

CVE-2021-33621

2022-11-18 23:15:18

slackware

[slackware-security] ruby

2022-11-24 21:00:38

freebsd

rubygem-cgi -- HTTP response splitting vulnerability

2022-11-22 00:00:00

prion

Design/Logic Flaw

2022-11-18 23:15:00

veracode

HTTP Response Splitting

2022-12-07 11:55:45

redhatcve

CVE-2021-33621

2022-11-30 16:56:14

alpinelinux

CVE-2021-33621

2022-11-18 23:15:18

wolfi

CVE-2021-33621 vulnerabilities

2024-07-05 21:08:40

mageia

Updated ruby packages fix security vulnerability

2022-12-14 01:09:19

amazon

Important: ruby

2024-03-13 20:26:00

github

HTTP response splitting in CGI

2022-11-19 00:30:55

cloudfoundry

USN-5806-2: Ruby vulnerability | Cloud Foundry

2023-02-24 00:00:00

photon

Important Photon OS Security Update - PHSA-2024-5.0-0221

2024-03-04 00:00:00

Important Photon OS Security Update - PHSA-2024-4.0-0562

2024-02-08 00:00:00

Important Photon OS Security Update - PHSA-2024-3.0-0732

2024-02-29 00:00:00

debian

[SECURITY] [DLA 3450-1] ruby2.5 security update

2023-06-09 10:23:43

oraclelinux

ruby:2.7 security, bug fix, and enhancement update

2023-07-08 00:00:00

ruby:2.5 security update

2023-11-18 00:00:00

ruby:3.1 security, bug fix, and enhancement update

2024-04-02 00:00:00

rocky

ruby:2.7 security, bug fix, and enhancement update

2023-08-31 16:54:34

ruby:3.1 security, bug fix, and enhancement update

2024-04-05 14:57:12

ruby:3.1 security, bug fix, and enhancement update

2024-03-27 04:34:32

redhat

(RHSA-2023:3291) Moderate: rh-ruby27-ruby security, bug fix, and enhancement update

2023-05-24 08:44:46

(RHSA-2023:3821) Moderate: ruby:2.7 security, bug fix, and enhancement update

2023-06-27 13:35:33

(RHSA-2024:1576) Moderate: ruby:3.1 security, bug fix, and enhancement update

2024-04-01 00:57:59

almalinux

Moderate: ruby:2.7 security, bug fix, and enhancement update

2023-06-27 00:00:00

Moderate: ruby:2.5 security update

2023-11-14 00:00:00

Moderate: ruby:3.1 security, bug fix, and enhancement update

2024-04-01 00:00:00

ibm

Security Bulletin: IBM Cloud Pak for Network Automation 2.6.3 fixes multiple security vulnerabilities

2023-11-01 10:38:44

Security Bulletin: Netcool Operations Insights 1.6.9 addresses multiple security vulnerabilities.

2023-07-18 13:09:31

gentoo

Ruby: Multiple vulnerabilities

2024-01-24 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.8%

JSON

Related for CVELIST:CVE-2021-33621