Description

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.

Remediation

References

CVE-2021-33621

Related Vulnerabilities

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-38264)

WebLogic CVE-2021-2136 Vulnerability (CVE-2021-2136)

WordPress Plugin RESPONSIVE 3D SLIDER SQL Injection (1.2)

Joomla Improper Input Validation Vulnerability (CVE-2015-8564)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-43558)

Severity

High

Classification

CVE-2021-33621 CWE-436 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities