cgi.rb in Ruby through 2.6.x, through 3.0x, and through 3.1.x allows HTTP
header injection. If a CGI application using the CGI library inserts
untrusted input into the HTTP response header, an attacker can exploit it to
insert a newline character to split a header, and inject malicious content to
deceive clients.

Affected configurations

Vulners

Node

rubycgiRange0.1.0–0.1.0.2

rubycgiRange0.2.0–0.2.2

rubycgiRange≤0.3.5

VendorProductVersionCPE
rubycgi*cpe:2.3:a:ruby:cgi:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ruby	cgi	*	cpe:2.3:a:ruby:cgi::::::::

References

www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/

openvas 21

nessus 53

fedora 3

osv 19

ubuntu 4

cve 1

debiancve 1

hackerone 4

nvd 1

alpinelinux 1

prion 1

slackware 1

veracode 1

freebsd 1

cvelist 1

redhatcve 1

wolfi 1

amazon 1

cloudfoundry 1

mageia 1

rubygems 1

github 1

redhat 8

redos 1

ubuntucve 1

cgr 1

photon 3

debian 2

oraclelinux 6

rocky 3

almalinux 6

ibm 2

gentoo 1

openvas

Fedora: Security Advisory for ruby (FEDORA-2022-ef96a58bbe)

2022-12-08 00:00:00

Fedora: Security Advisory for ruby (FEDORA-2022-f0f6c6bec2)

2022-12-09 00:00:00

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-1458)

2023-03-09 00:00:00

nessus

EulerOS 2.0 SP9 : ruby (EulerOS-SA-2023-1483)

2023-03-09 00:00:00

Slackware Linux 15.0 / current ruby Vulnerability (SSA:2022-328-01)

2022-11-25 00:00:00

Photon OS 5.0: Ruby PHSA-2024-5.0-0221

2024-07-24 00:00:00

fedora

[SECURITY] Fedora 35 Update: ruby-3.0.5-155.fc35

2022-12-09 00:49:28

[SECURITY] Fedora 36 Update: ruby-3.1.3-172.fc36

2022-12-08 01:56:31

[SECURITY] Fedora 37 Update: ruby-3.1.3-172.fc37

2022-12-08 02:06:38

osv

ruby2.3 vulnerability

2023-01-17 15:59:06

BIT-ruby-2021-33621

2024-03-06 11:05:00

libruby3_1-3_1-3.1.3-1.1 on GA media

2024-06-15 00:00:00

ubuntu

Ruby vulnerability

2023-03-20 00:00:00

Ruby vulnerability

2023-01-23 00:00:00

Ruby vulnerability

2023-01-17 00:00:00

cve

CVE-2021-33621

2022-11-18 23:15:18

debiancve

CVE-2021-33621

2022-11-18 23:15:18

hackerone

Internet Bug Bounty: Security Unfavorable Specifications and Implementations in the CGI::Cookie Class

2023-03-01 08:03:28

Internet Bug Bounty: Ruby's CGI library has HTTP response splitting (HTTP header injection), leaking confidential information

2023-03-01 07:59:07

Ruby: CGI::Cookieクラスにおけるセキュリティ上好ましくない仕様および実装

2021-05-21 12:21:26

nvd

CVE-2021-33621

2022-11-18 23:15:18

alpinelinux

CVE-2021-33621

2022-11-18 23:15:18

prion

Design/Logic Flaw

2022-11-18 23:15:00

slackware

[slackware-security] ruby

2022-11-24 21:00:38

veracode

HTTP Response Splitting

2022-12-07 11:55:45

freebsd

rubygem-cgi -- HTTP response splitting vulnerability

2022-11-22 00:00:00

cvelist

CVE-2021-33621

2022-11-18 00:00:00

redhatcve

CVE-2021-33621

2022-11-30 16:56:14

wolfi

CVE-2021-33621 vulnerabilities

2024-09-30 09:32:54

amazon

Important: ruby

2024-03-13 20:26:00

cloudfoundry

USN-5806-2: Ruby vulnerability | Cloud Foundry

2023-02-24 00:00:00

mageia

Updated ruby packages fix security vulnerability

2022-12-14 01:09:19

rubygems

HTTP response splitting in CGI

2022-11-21 21:00:00

github

HTTP response splitting in CGI

2022-11-19 00:30:55

redhat

(RHSA-2024:4542) Moderate: ruby security update

2024-07-15 15:44:19

(RHSA-2023:3821) Moderate: ruby:2.7 security, bug fix, and enhancement update

2023-06-27 13:35:33

(RHSA-2023:3291) Moderate: rh-ruby27-ruby security, bug fix, and enhancement update

2023-05-24 08:44:46

redos

ROS-20240827-04

2024-08-27 00:00:00

ubuntucve

CVE-2021-33621

2022-11-18 00:00:00

cgr

CVE-2021-33621 vulnerabilities

2024-05-19 03:07:16

photon

Important Photon OS Security Update - PHSA-2024-5.0-0221

2024-03-04 00:00:00

Important Photon OS Security Update - PHSA-2024-4.0-0562

2024-02-08 00:00:00

Important Photon OS Security Update - PHSA-2024-3.0-0732

2024-02-29 00:00:00

debian

[SECURITY] [DLA 3450-1] ruby2.5 security update

2023-06-09 10:23:43

[SECURITY] [DLA 3858-1] ruby2.7 security update

2024-09-02 12:46:22

oraclelinux

ruby:2.7 security, bug fix, and enhancement update

2023-07-08 00:00:00

ruby:3.1 security, bug fix, and enhancement update

2024-04-02 00:00:00

ruby:2.5 security update

2023-11-18 00:00:00

rocky

ruby:2.7 security, bug fix, and enhancement update

2023-08-31 16:54:34

ruby:3.1 security, bug fix, and enhancement update

2024-03-27 04:34:32

ruby:3.1 security, bug fix, and enhancement update

2024-04-05 14:57:12

almalinux

Moderate: ruby:2.7 security, bug fix, and enhancement update

2023-06-27 00:00:00

Moderate: ruby:2.5 security update

2023-11-14 00:00:00

Moderate: ruby:3.1 security, bug fix, and enhancement update

2024-04-01 00:00:00

ibm

Security Bulletin: IBM Cloud Pak for Network Automation 2.6.3 fixes multiple security vulnerabilities

2023-11-01 10:38:44

Security Bulletin: Netcool Operations Insights 1.6.9 addresses multiple security vulnerabilities.

2023-07-18 13:09:31

gentoo

Ruby: Multiple vulnerabilities

2024-01-24 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

JSON

Related for RUBY:CGI-2021-33621