UBUNTU-CVE-2021-33621
See a problem?- Source
- https://ubuntu.com/security/notices/UBUNTU-CVE-2021-33621
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-33621.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-33621
- Related
- Published
- 2022-11-18T23:15:00Z
- Modified
- 2022-11-18T23:15:00Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
- References
-
- https://ubuntu.com/security/CVE-2021-33621
- https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/
- https://github.com/ruby/cgi/commit/64c5045c0a6b84fdb938a8465a0890e5f7162708
- https://github.com/ruby/cgi/commit/b46d41c36380e04f6388970b5ef05c687f4d1819
- https://ubuntu.com/security/notices/USN-5806-1
- https://ubuntu.com/security/notices/USN-5806-2
- https://ubuntu.com/security/notices/USN-5806-3
- https://ubuntu.com/security/notices/USN-6181-1
- https://www.cve.org/CVERecord?id=CVE-2021-33621
Affected packages
Ubuntu:Pro:14.04:LTS / jruby
Package
- Name
- jruby
Ubuntu:Pro:16.04:LTS / ruby2.3
Package
- Name
- ruby2.3
- Purl
- pkg:deb/ubuntu/ruby2.3@2.3.1-2~ubuntu16.04.16+esm4?arch=src?distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.3.1-2~ubuntu16.04.16+esm4
Affected versions
2.*
2.3.0-1
2.3.0-2
2.3.0-4ubuntu2
2.3.0-4ubuntu3
2.3.0-5ubuntu1
2.3.1-2~16.04
2.3.1-2~16.04.2
2.3.1-2~16.04.4
2.3.1-2~16.04.5
2.3.1-2~16.04.6
2.3.1-2~16.04.7
2.3.1-2~16.04.9
2.3.1-2~16.04.10
2.3.1-2~16.04.11
2.3.1-2~16.04.12
2.3.1-2~ubuntu16.04.13
2.3.1-2~ubuntu16.04.14
2.3.1-2~ubuntu16.04.15
2.3.1-2~ubuntu16.04.16
2.3.1-2~ubuntu16.04.16+esm1
2.3.1-2~ubuntu16.04.16+esm2
2.3.1-2~ubuntu16.04.16+esm3
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"libruby2.3-dbgsym": "2.3.1-2~ubuntu16.04.16+esm4",
"ruby2.3-tcltk": "2.3.1-2~ubuntu16.04.16+esm4",
"ruby2.3-dev-dbgsym": "2.3.1-2~ubuntu16.04.16+esm4",
"libruby2.3-dbg": "2.3.1-2~ubuntu16.04.16+esm4",
"ruby2.3-dev": "2.3.1-2~ubuntu16.04.16+esm4",
"ruby2.3-dbgsym": "2.3.1-2~ubuntu16.04.16+esm4",
"libruby2.3": "2.3.1-2~ubuntu16.04.16+esm4",
"ruby2.3-tcltk-dbgsym": "2.3.1-2~ubuntu16.04.16+esm4",
"ruby2.3": "2.3.1-2~ubuntu16.04.16+esm4",
"ruby2.3-doc": "2.3.1-2~ubuntu16.04.16+esm4"
}
]
}
Ubuntu:Pro:16.04:LTS / jruby
Package
- Name
- jruby
Ubuntu:18.04:LTS / ruby2.5
Package
- Name
- ruby2.5
- Purl
- pkg:deb/ubuntu/ruby2.5@2.5.1-1ubuntu1.13?arch=src?distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.5.1-1ubuntu1.13
Affected versions
2.*
2.5.0~preview1-1ubuntu2
2.5.0-4ubuntu1
2.5.0-4ubuntu4
2.5.0-5ubuntu1
2.5.0-6ubuntu1
2.5.1-1ubuntu1
2.5.1-1ubuntu1.1
2.5.1-1ubuntu1.2
2.5.1-1ubuntu1.4
2.5.1-1ubuntu1.5
2.5.1-1ubuntu1.6
2.5.1-1ubuntu1.7
2.5.1-1ubuntu1.8
2.5.1-1ubuntu1.9
2.5.1-1ubuntu1.10
2.5.1-1ubuntu1.11
2.5.1-1ubuntu1.12
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"ruby2.5": "2.5.1-1ubuntu1.13",
"ruby2.5-dbgsym": "2.5.1-1ubuntu1.13",
"libruby2.5": "2.5.1-1ubuntu1.13",
"libruby2.5-dbgsym": "2.5.1-1ubuntu1.13",
"ruby2.5-dev": "2.5.1-1ubuntu1.13",
"ruby2.5-doc": "2.5.1-1ubuntu1.13"
}
]
}
Ubuntu:Pro:18.04:LTS / jruby
Package
- Name
- jruby
Ubuntu:20.04:LTS / jruby
Package
- Name
- jruby
Ubuntu:20.04:LTS / ruby2.7
Package
- Name
- ruby2.7
- Purl
- pkg:deb/ubuntu/ruby2.7@2.7.0-5ubuntu1.8?arch=src?distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.7.0-5ubuntu1.8
Affected versions
2.*
2.7.0-1
2.7.0-2
2.7.0-3
2.7.0-4
2.7.0-4ubuntu1
2.7.0-5ubuntu1
2.7.0-5ubuntu1.1
2.7.0-5ubuntu1.2
2.7.0-5ubuntu1.3
2.7.0-5ubuntu1.4
2.7.0-5ubuntu1.5
2.7.0-5ubuntu1.6
2.7.0-5ubuntu1.7
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"ruby2.7-doc": "2.7.0-5ubuntu1.8",
"ruby2.7-dbgsym": "2.7.0-5ubuntu1.8",
"ruby2.7": "2.7.0-5ubuntu1.8",
"libruby2.7": "2.7.0-5ubuntu1.8",
"libruby2.7-dbgsym": "2.7.0-5ubuntu1.8",
"ruby2.7-dev": "2.7.0-5ubuntu1.8"
}
]
}
Ubuntu:22.04:LTS / ruby3.0
Package
- Name
- ruby3.0
- Purl
- pkg:deb/ubuntu/ruby3.0@3.0.2-7ubuntu2.3?arch=src?distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.2-7ubuntu2.3
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"ruby3.0-dev": "3.0.2-7ubuntu2.3",
"ruby3.0": "3.0.2-7ubuntu2.3",
"ruby3.0-doc": "3.0.2-7ubuntu2.3",
"libruby3.0": "3.0.2-7ubuntu2.3",
"libruby3.0-dbgsym": "3.0.2-7ubuntu2.3",
"ruby3.0-dbgsym": "3.0.2-7ubuntu2.3"
}
]
}