The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
History
24 Jan 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2023, 03:35
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-74 |
09 Jun 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 May 2023, 11:02
Type | Values Removed | Values Added |
---|---|---|
First Time | Ruby-lang ruby | |
CPE | cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:* |
12 Jan 2023, 19:38
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* | |
First Time | Fedoraproject, Fedoraproject fedora | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20221228-0004/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/THVTYHHEOVLQFCFHWURZYO7PVUPBHRZD/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YACE6ORF2QBXXBK2V2CM36D7TZMEJVAS/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQR7LWED6VAPD5ATYOBZIGJQPCUBRJBX/ - Mailing List, Third Party Advisory |
28 Dec 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Dec 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Dec 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Nov 2022, 21:04
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:ruby:*:* | |
First Time | Ruby-lang, Ruby-lang cgi | |
References |
|
|
Summary | The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object. | |
CWE | CWE-436 | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 8.8 |
19 Nov 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. |
18 Nov 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-18 23:15
Updated : 2024-01-24 05:15
NVD link : CVE-2021-33621
Mitre link : CVE-2021-33621
CVE.ORG link : CVE-2021-33621
Products Affected
ruby-lang
- ruby
- cgi
fedoraproject
- fedora
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')