BIT-ruby-2021-33621

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/ruby/BIT-ruby-2021-33621.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-ruby-2021-33621

Aliases

CVE-2021-33621
GHSA-vc47-6rqg-c7f5

Published

2024-03-06T11:05:00.460Z

Modified

2024-09-11T06:12:44.306521Z

Summary

[none]

Details

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.

References

https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQR7LWED6VAPD5ATYOBZIGJQPCUBRJBX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THVTYHHEOVLQFCFHWURZYO7PVUPBHRZD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YACE6ORF2QBXXBK2V2CM36D7TZMEJVAS/
https://security.gentoo.org/glsa/202401-27
https://security.netapp.com/advisory/ntap-20221228-0004/
https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/

Affected packages

Bitnami / ruby

Package

Name: ruby
Purl: pkg:bitnami/ruby

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

2.7.0

Fixed

2.7.7

Introduced

3.0.0

Fixed

3.0.5

Introduced

3.1.0

Fixed

3.1.3