A vulnerability in the CGI component of the Ruby programming language is related to the occurrence of an interpretation conflict
when inserting unreliable input data into HTTP response header. Exploitation of the vulnerability allows
an attacker acting remotely to gain access to confidential data, compromise its integrity, and cause a denial of service.
and cause a denial of service

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64ruby< 2.7.6-131UNKNOWN

OS	Version	Architecture	Package	Version	Filename
redos	7.3	x86_64	ruby	< 2.7.6-131	UNKNOWN

openvas 21

nessus 53

fedora 3

osv 19

ubuntu 4

cve 1

debiancve 1

hackerone 4

nvd 1

amazon 1

cloudfoundry 1

mageia 1

rubygems 2

github 1

redhat 8

ubuntucve 1

cgr 1

prion 1

alpinelinux 1

slackware 1

veracode 1

freebsd 1

cvelist 1

redhatcve 1

wolfi 1

photon 3

debian 2

oraclelinux 6

rocky 3

almalinux 6

ibm 2

gentoo 1

openvas

Fedora: Security Advisory for ruby (FEDORA-2022-ef96a58bbe)

2022-12-08 00:00:00

Fedora: Security Advisory for ruby (FEDORA-2022-f0f6c6bec2)

2022-12-09 00:00:00

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-1458)

2023-03-09 00:00:00

nessus

EulerOS 2.0 SP9 : ruby (EulerOS-SA-2023-1483)

2023-03-09 00:00:00

Slackware Linux 15.0 / current ruby Vulnerability (SSA:2022-328-01)

2022-11-25 00:00:00

Photon OS 5.0: Ruby PHSA-2024-5.0-0221

2024-07-24 00:00:00

fedora

[SECURITY] Fedora 35 Update: ruby-3.0.5-155.fc35

2022-12-09 00:49:28

[SECURITY] Fedora 36 Update: ruby-3.1.3-172.fc36

2022-12-08 01:56:31

[SECURITY] Fedora 37 Update: ruby-3.1.3-172.fc37

2022-12-08 02:06:38

osv

ruby2.3 vulnerability

2023-01-17 15:59:06

BIT-ruby-2021-33621

2024-03-06 11:05:00

libruby3_1-3_1-3.1.3-1.1 on GA media

2024-06-15 00:00:00

ubuntu

Ruby vulnerability

2023-03-20 00:00:00

Ruby vulnerability

2023-01-23 00:00:00

Ruby vulnerability

2023-01-17 00:00:00

cve

CVE-2021-33621

2022-11-18 23:15:18

debiancve

CVE-2021-33621

2022-11-18 23:15:18

hackerone

Internet Bug Bounty: Security Unfavorable Specifications and Implementations in the CGI::Cookie Class

2023-03-01 08:03:28

Ruby: CGI::Cookieクラスにおけるセキュリティ上好ましくない仕様および実装

2021-05-21 12:21:26

Internet Bug Bounty: Ruby's CGI library has HTTP response splitting (HTTP header injection), leaking confidential information

2023-03-01 07:59:07

nvd

CVE-2021-33621

2022-11-18 23:15:18

amazon

Important: ruby

2024-03-13 20:26:00

cloudfoundry

USN-5806-2: Ruby vulnerability | Cloud Foundry

2023-02-24 00:00:00

mageia

Updated ruby packages fix security vulnerability

2022-12-14 01:09:19

rubygems

HTTP response splitting in CGI

2022-11-17 21:00:00

HTTP response splitting in CGI

2022-11-21 21:00:00

github

HTTP response splitting in CGI

2022-11-19 00:30:55

redhat

(RHSA-2024:4542) Moderate: ruby security update

2024-07-15 15:44:19

(RHSA-2023:3821) Moderate: ruby:2.7 security, bug fix, and enhancement update

2023-06-27 13:35:33

(RHSA-2023:3291) Moderate: rh-ruby27-ruby security, bug fix, and enhancement update

2023-05-24 08:44:46

ubuntucve

CVE-2021-33621

2022-11-18 00:00:00

cgr

CVE-2021-33621 vulnerabilities

2024-05-19 03:07:16

prion

Design/Logic Flaw

2022-11-18 23:15:00

alpinelinux

CVE-2021-33621

2022-11-18 23:15:18

slackware

[slackware-security] ruby

2022-11-24 21:00:38

veracode

HTTP Response Splitting

2022-12-07 11:55:45

freebsd

rubygem-cgi -- HTTP response splitting vulnerability

2022-11-22 00:00:00

cvelist

CVE-2021-33621

2022-11-18 00:00:00

redhatcve

CVE-2021-33621

2022-11-30 16:56:14

wolfi

CVE-2021-33621 vulnerabilities

2024-09-30 09:32:54

photon

Important Photon OS Security Update - PHSA-2024-5.0-0221

2024-03-04 00:00:00

Important Photon OS Security Update - PHSA-2024-4.0-0562

2024-02-08 00:00:00

Important Photon OS Security Update - PHSA-2024-3.0-0732

2024-02-29 00:00:00

debian

[SECURITY] [DLA 3450-1] ruby2.5 security update

2023-06-09 10:23:43

[SECURITY] [DLA 3858-1] ruby2.7 security update

2024-09-02 12:46:22

oraclelinux

ruby:2.7 security, bug fix, and enhancement update

2023-07-08 00:00:00

ruby:3.1 security, bug fix, and enhancement update

2024-03-20 00:00:00

ruby:3.1 security, bug fix, and enhancement update

2024-04-02 00:00:00

rocky

ruby:2.7 security, bug fix, and enhancement update

2023-08-31 16:54:34

ruby:3.1 security, bug fix, and enhancement update

2024-03-27 04:34:32

ruby:3.1 security, bug fix, and enhancement update

2024-04-05 14:57:12

almalinux

Moderate: ruby:2.7 security, bug fix, and enhancement update

2023-06-27 00:00:00

Moderate: ruby:3.1 security, bug fix, and enhancement update

2024-03-19 00:00:00

Moderate: ruby:3.1 security, bug fix, and enhancement update

2024-04-01 00:00:00

ibm

Security Bulletin: IBM Cloud Pak for Network Automation 2.6.3 fixes multiple security vulnerabilities

2023-11-01 10:38:44

Security Bulletin: Netcool Operations Insights 1.6.9 addresses multiple security vulnerabilities.

2023-07-18 13:09:31

gentoo

Ruby: Multiple vulnerabilities

2024-01-24 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

Low

JSON

Related for ROS-20240827-04