Description

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.

Remediation

References

CVE-2021-33621

Related Vulnerabilities

Apache HTTP Server Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') Vulnerability (CVE-2009-1955)

Moodle Other Vulnerability (CVE-2019-10189)

Oracle HTTP Server Other Vulnerability (CVE-2020-35166)

Jboss EAP CVE-2013-4210 Vulnerability (CVE-2013-4210)

Liferay DXP Inefficient Regular Expression Complexity Vulnerability (CVE-2022-42124)

Severity

High

Classification

CVE-2021-33621 CWE-436 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities