BIT-ruby-2021-33621

BIT-ruby-2021-33621 PUBLISHED CVSS 8.800000190734863 HIGH

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.

Risk Scores

CVSS 3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Bitnami	ruby	2.7.0, 3.0.0, 3.1.0

Timeline

Mar 6, 2024 CVE Published
Nov 6, 2025 CVE Updated

References

https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html url
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQR7LWED6VAPD5ATYOBZIGJQPCUBRJBX/ url
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THVTYHHEOVLQFCFHWURZYO7PVUPBHRZD/ url
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YACE6ORF2QBXXBK2V2CM36D7TZMEJVAS/ url
https://security.gentoo.org/glsa/202401-27 url
https://security.netapp.com/advisory/ntap-20221228-0004/ url
https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/ url
https://nvd.nist.gov/vuln/detail/CVE-2021-33621 url
https://lists.debian.org/debian-lts-announce/2024/09/msg00000.html url

Open in Interactive Console →