Security Advisories

CGA-f83j-67rw-2p75

Published

Last updated

https://images.chainguard.dev/security/CGA-f83j-67rw-2p75
Package

ruby-3.0

Latest Update
Fixed
Fixed Version

3.0.5-r0

Aliases
  • CVE-2021-33621
  • GHSA-vc47-6rqg-c7f5

Severity

8.8

High

CVSS V3

Summary

HTTP response splitting in CGI

Description

The Ruby gem cgi.rb before versions 0.3.5, 0.2.2 and 0.1.0.2 allows HTTP header injection. If a CGI application using the CGI library inserts untrusted input into an HTTP response header, an attacker can insert a newline character to split the header and inject malicious content to deceive clients. The issue is patched in versions 0.3.5, 0.2.2 and 0.1.0.2.
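
An application-side guard against the header splitting described above, shown as an added example: it is not the cgi gem's patch and not Chainguard's code. The helper names and the sample value are hypothetical and constructed for illustration.

```ruby
# Added example: serialize response headers only after validating them.
# All names here (naive_header_line, safe_header_line, ...) are hypothetical.

class HeaderInjectionError < ArgumentError; end

# RFC 7230 "token" characters permitted in a header field name.
# \A and \z anchor the whole string; ^ and $ would match per line in Ruby
# and let a value containing a newline slip through.
HEADER_NAME = /\A[A-Za-z0-9!\#\$%&'*+\-.^_`|~]+\z/

# CR, LF and NUL must never reach the wire inside a field value.
FORBIDDEN_IN_VALUE = /[\r\n\x00]/

# Constructed sample of untrusted input carrying an embedded CRLF.
SAMPLE_TAINTED = "/home\r\nX-Injected: 1"

# The 'before' form: interpolates untrusted input directly, so an embedded
# newline ends the header early and starts a second, attacker-chosen one.
def naive_header_line(name, value)
  "#{name}: #{value}\r\n"
end

# Hardened form: reject instead of stripping, so a bad value fails loudly
# and shows up in error logs rather than being silently rewritten.
def safe_header_line(name, value)
  name = name.to_s
  value = value.to_s
  unless HEADER_NAME.match?(name)
    raise HeaderInjectionError, "invalid header name: #{name.inspect}"
  end
  if FORBIDDEN_IN_VALUE.match?(value)
    raise HeaderInjectionError, "control character in value of #{name}"
  end
  "#{name}: #{value}\r\n"
end

# Build the full header block; the final empty line ends the headers.
def build_header_block(headers)
  headers.map { |name, value| safe_header_line(name, value) }.join + "\r\n"
end
```

Validation of this kind belongs in the application even after upgrading to a fixed cgi version, since it also covers headers written through other code paths.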

References

Updates


© 2024 Chainguard. All Rights Reserved.