VDB
DEBIAN-CVE-2021-33621
DEBIAN-CVE-2021-33621
PUBLISHED
CVSS 8.800000190734863 HIGH
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
Risk Scores
CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | ruby3.1 | 0, 0, 0 |
| Debian:11 | ruby2.7 | 0, 2.7.4-1, 2.7.4-1 |
Timeline
- Nov 18, 2022 CVE Published
- Apr 28, 2026 CVE Updated