Description
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
Remediation
References
Related Vulnerabilities
WordPress Plugin Abandoned Cart Pro for WooCommerce Cross-Site Scripting (7.11.1)
WordPress Plugin Kino Gallery TimThumb Arbitrary File Upload (1.0)
WordPress Plugin Job Manager Multiple Cross-Site Scripting Vulnerabilities (0.7.18)
WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease Cross-Site Scripting (4.0.4)
Magento Improper Input Validation Vulnerability (CVE-2021-28585)