SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2021-33621

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 8.8		CVSS Score :
Exploit Score: 2.8		Exploit Score:
Impact Score: 5.9		Impact Score:

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: NETWORK		Access Vector:
Attack Complexity: LOW		Access Complexity:
Privileges Required: LOW		Authentication:
User Interaction: NONE		Confidentiality:
Scope: UNCHANGED		Integrity:
Confidentiality: HIGH		Availability:
Integrity: HIGH
Availability: HIGH

Reference:

FEDORA-2022-b9b710f199

FEDORA-2022-ef96a58bbe

FEDORA-2022-f0f6c6bec2

GLSA-202401-27

https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html

https://security.netapp.com/advisory/ntap-20221228-0004/

https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/


30479



423868



250108



909



196064



282