BIT-ruby-2021-33621

Import Source

https://github.com/bitnami/vulndb/tree/main/data/ruby/BIT-ruby-2021-33621.json

Aliases

CVE-2021-33621
GHSA-vc47-6rqg-c7f5

Published

2024-03-06T11:05:00.460Z

Modified

2024-03-06T11:25:28.861Z

Details

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.

References

https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQR7LWED6VAPD5ATYOBZIGJQPCUBRJBX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THVTYHHEOVLQFCFHWURZYO7PVUPBHRZD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YACE6ORF2QBXXBK2V2CM36D7TZMEJVAS/
https://security.gentoo.org/glsa/202401-27
https://security.netapp.com/advisory/ntap-20221228-0004/
https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/

Affected packages

Bitnami / ruby

Package

Name: ruby

Affected ranges

Type: SEMVER
Events: Introduced

2.7.0

Fixed

2.7.7

Introduced

3.0.0

Fixed

3.0.5

Introduced

3.1.0

Fixed

3.1.3