CVE-2021-33621

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2021-33621

CGA ID

CGA-f83j-67rw-2p75

Severity

Unknown

Description

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.

References

https://images.chainguard.dev/security/CGA-f83j-67rw-2p75
https://github.com/advisories/GHSA-vc47-6rqg-c7f5
https://security.gentoo.org/glsa/202401-27
https://security.netapp.com/advisory/ntap-20221228-0004/
https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/
https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQR7LWED6VAPD5ATYOBZIGJQPCUBRJBX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THVTYHHEOVLQFCFHWURZYO7PVUPBHRZD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YACE6ORF2QBXXBK2V2CM36D7TZMEJVAS/
https://security.alpinelinux.org/vuln/CVE-2021-33621
https://security-tracker.debian.org/tracker/CVE-2021-33621

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2021-33621

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources