Timeline

• Apr 9, 2023 CVE Published
• Apr 9, 2023 PoC Published

References

• Ruby's CGI library has HTTP response splitting (HTTP header injection), leaking confidential information advisory