Commit 094a479

1 parent d97d6c7 commit 094a479

1 file changed

Lines changed: 19 additions & 0 deletions

gems/cgi/CVE-2021-33621.yml

@@ -0,0 +1,19 @@
1+
---
2+
gem: cgi
3+
cve: 2021-33621
4+
ghsa: vc47-6rqg-c7f5
5+
url: https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/
6+
title: HTTP response splitting in CGI
7+
date: 2022-11-18
8+
description: |-
9+
cgi.rb in Ruby through 2.6.x, through 3.0x, and through 3.1.x allows HTTP
10+
header injection. If a CGI application using the CGI library inserts
11+
untrusted input into the HTTP response header, an attacker can exploit it to
12+
insert a newline character to split a header, and inject malicious content to
13+
deceive clients.
14+
15+
cvss_v3: 8.8
16+
patched_versions:
17+
- "~> 0.1.0.2"
18+
- "~> 0.2.2"
19+
- ">= 0.3.5"
