Lucene search
RedHatRHSA-2024:4542HistoryJul 15, 2024 - 3:44 p.m.
(RHSA-2024:4542) Moderate: ruby security update
2024-07-1515:44:19
access.redhat.com
6
ruby
security update
http response splitting
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.8
Confidence
High
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Security Fix(es):
- ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 9 | s390x | rubygem-json-debuginfo | < 2.5.1-161.el9_2.1 | rubygem-json-debuginfo-2.5.1-161.el9_2.1.s390x.rpm |
| RedHat | 9 | x86_64 | ruby-debuginfo | < 3.0.4-161.el9_2.1 | ruby-debuginfo-3.0.4-161.el9_2.1.x86_64.rpm |
| RedHat | 9 | i686 | ruby-libs-debuginfo | < 3.0.4-161.el9_2.1 | ruby-libs-debuginfo-3.0.4-161.el9_2.1.i686.rpm |
| RedHat | 9 | x86_64 | rubygem-io-console | < 0.5.7-161.el9_2.1 | rubygem-io-console-0.5.7-161.el9_2.1.x86_64.rpm |
| RedHat | 9 | s390x | rubygem-io-console | < 0.5.7-161.el9_2.1 | rubygem-io-console-0.5.7-161.el9_2.1.s390x.rpm |
| RedHat | 9 | ppc64le | ruby-libs | < 3.0.4-161.el9_2.1 | ruby-libs-3.0.4-161.el9_2.1.ppc64le.rpm |
| RedHat | 9 | s390x | rubygem-json | < 2.5.1-161.el9_2.1 | rubygem-json-2.5.1-161.el9_2.1.s390x.rpm |
| RedHat | 9 | noarch | ruby-doc | < 3.0.4-161.el9_2.1 | ruby-doc-3.0.4-161.el9_2.1.noarch.rpm |
| RedHat | 9 | ppc64le | ruby-libs-debuginfo | < 3.0.4-161.el9_2.1 | ruby-libs-debuginfo-3.0.4-161.el9_2.1.ppc64le.rpm |
| RedHat | 9 | i686 | ruby-libs | < 3.0.4-161.el9_2.1 | ruby-libs-3.0.4-161.el9_2.1.i686.rpm |
Related
nessus
nessus
EulerOS 2.0 SP9 : ruby (EulerOS-SA-2023-1483)
2023-03-09 00:00:00
Photon OS 5.0: Ruby PHSA-2024-5.0-0221
2024-07-24 00:00:00
Slackware Linux 15.0 / current ruby Vulnerability (SSA:2022-328-01)
2022-11-25 00:00:00
openvas
openvas
Fedora: Security Advisory for ruby (FEDORA-2022-f0f6c6bec2)
2022-12-09 00:00:00
Fedora: Security Advisory for ruby (FEDORA-2022-ef96a58bbe)
2022-12-08 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-1458)
2023-03-09 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: ruby-3.0.5-155.fc35
2022-12-09 00:49:28
[SECURITY] Fedora 36 Update: ruby-3.1.3-172.fc36
2022-12-08 01:56:31
[SECURITY] Fedora 37 Update: ruby-3.1.3-172.fc37
2022-12-08 02:06:38
osv
osv
ruby2.3 vulnerability
2023-01-17 15:59:06
BIT-ruby-2021-33621
2024-03-06 11:05:00
libruby3_1-3_1-3.1.3-1.1 on GA media
2024-06-15 00:00:00
ubuntu
ubuntu
Ruby vulnerability
2023-03-20 00:00:00
Ruby vulnerability
2023-01-23 00:00:00
Ruby vulnerability
2023-01-17 00:00:00
cve
cve
CVE-2021-33621
2022-11-18 23:15:18
debiancve
debiancve
CVE-2021-33621
2022-11-18 23:15:18
hackerone
hackerone
Internet Bug Bounty: Security Unfavorable Specifications and Implementations in the CGI::Cookie Class
2023-03-01 08:03:28
Internet Bug Bounty: Ruby's CGI library has HTTP response splitting (HTTP header injection), leaking confidential information
2023-03-01 07:59:07
Ruby: CGI::Cookieクラスにおけるセキュリティ上好ましくない仕様および実装
2021-05-21 12:21:26
nvd
nvd
CVE-2021-33621
2022-11-18 23:15:18
alpinelinux
alpinelinux
CVE-2021-33621
2022-11-18 23:15:18
prion
prion
Design/Logic Flaw
2022-11-18 23:15:00
slackware
slackware
[slackware-security] ruby
2022-11-24 21:00:38
veracode
veracode
HTTP Response Splitting
2022-12-07 11:55:45
freebsd
freebsd
rubygem-cgi -- HTTP response splitting vulnerability
2022-11-22 00:00:00
cvelist
cvelist
CVE-2021-33621
2022-11-18 00:00:00
redhatcve
redhatcve
CVE-2021-33621
2022-11-30 16:56:14
wolfi
wolfi
CVE-2021-33621 vulnerabilities
2024-09-30 09:32:54
amazon
amazon
Important: ruby
2024-03-13 20:26:00
cloudfoundry
cloudfoundry
USN-5806-2: Ruby vulnerability | Cloud Foundry
2023-02-24 00:00:00
mageia
mageia
Updated ruby packages fix security vulnerability
2022-12-14 01:09:19
github
github
HTTP response splitting in CGI
2022-11-19 00:30:55
rubygems
rubygems
HTTP response splitting in CGI
2022-11-17 21:00:00
HTTP response splitting in CGI
2022-11-21 21:00:00
redos
redos
ROS-20240827-04
2024-08-27 00:00:00
cgr
cgr
CVE-2021-33621 vulnerabilities
2024-05-19 03:07:16
ubuntucve
ubuntucve
CVE-2021-33621
2022-11-18 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2024-5.0-0221
2024-03-04 00:00:00
Important Photon OS Security Update - PHSA-2024-4.0-0562
2024-02-08 00:00:00
Important Photon OS Security Update - PHSA-2024-3.0-0732
2024-02-29 00:00:00
debian
debian
[SECURITY] [DLA 3450-1] ruby2.5 security update
2023-06-09 10:23:43
[SECURITY] [DLA 3858-1] ruby2.7 security update
2024-09-02 12:46:22
oraclelinux
oraclelinux
ruby:2.7 security, bug fix, and enhancement update
2023-07-08 00:00:00
ruby:3.1 security, bug fix, and enhancement update
2024-04-02 00:00:00
ruby:2.5 security update
2023-11-18 00:00:00
rocky
rocky
ruby:2.7 security, bug fix, and enhancement update
2023-08-31 16:54:34
ruby:3.1 security, bug fix, and enhancement update
2024-04-05 14:57:12
ruby:3.1 security, bug fix, and enhancement update
2024-03-27 04:34:32
redhat
redhat
almalinux
almalinux
Moderate: ruby:2.7 security, bug fix, and enhancement update
2023-06-27 00:00:00
Moderate: ruby:2.5 security update
2023-11-14 00:00:00
Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-04-01 00:00:00
ibm
ibm
gentoo
gentoo
Ruby: Multiple vulnerabilities
2024-01-24 00:00:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.8
Confidence
High
Related for RHSA-2024:4542