Description

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.

Remediation

References

CVE-2021-33621

Related Vulnerabilities

Oracle Database Server CVE-2007-2114 Vulnerability (CVE-2007-2114)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33944)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-2222)

PHP Out-of-bounds Read Vulnerability (CVE-2019-11047)

WordPress Plugin Smart Manager for WooCommerce & WPeC SQL Injection (3.9.6)

Severity

High

Classification

CVE-2021-33621 CWE-436 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities