CVE-2021-33621

Published: Nov 18, 2022

Modified: Nov 4, 2025

PUBLISHED

Description

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/

FEDORA-2022-ef96a58bbe

vendor-advisory

FEDORA-2022-f0f6c6bec2

vendor-advisory

FEDORA-2022-b9b710f199

vendor-advisory

https://security.netapp.com/advisory/ntap-20221228-0004/

[debian-lts-announce] 20230609 [SECURITY] [DLA 3450-1] ruby2.5 security update

mailing-list

GLSA-202401-27

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-33621

Description

Affected Products

References