CVE-2021-33621

Summary

CVE	CVE-2021-33621
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-11-18 23:15:00 UTC
Updated	2024-01-24 05:15:00 UTC
Description	The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.

Risk And Classification

Problem Types: CWE-74

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Fedoraproject	Fedora	35	All	All	All
Operating System	Fedoraproject	Fedora	36	All	All	All
Operating System	Fedoraproject	Fedora	37	All	All	All
Application	Ruby-lang	Cgi	All	All	All	All
Application	Ruby-lang	Ruby	All	All	All	All

References

Reference	Source	Link	Tags
[SECURITY] Fedora 35 Update: ruby-3.0.5-155.fc35 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 36 Update: ruby-3.1.3-172.fc36 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 37 Update: ruby-3.1.3-172.fc37 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 37 Update: ruby-3.1.3-172.fc37 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
HackerOne	MISC	hackerone.com
[SECURITY] Fedora 35 Update: ruby-3.0.5-155.fc35 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
Ruby: Multiple vulnerabilities (GLSA 202401-27) — Gentoo security		security.gentoo.org
CVE-2021-33621: HTTP response splitting in CGI	CONFIRM	www.ruby-lang.org
[SECURITY] Fedora 36 Update: ruby-3.1.3-172.fc36 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] [DLA 3450-1] ruby2.5 security update	MLIST	lists.debian.org
CVE-2021-33621 Ruby Vulnerability in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

160771 Oracle Enterprise Linux Security Update for ruby:2.7 (ELSA-2023-3821)
161185 Oracle Enterprise Linux Security Update for ruby:2.5 (ELSA-2023-7025)
161427 Oracle Enterprise Linux Security Update for ruby:3.1 (ELSA-2024-1431)
161454 Oracle Enterprise Linux Security Update for ruby:3.1 (ELSA-2024-1576)
181836 Debian Security Update for ruby2.5 (DLA 3450-1)
183181 Debian Security Update for ruby3.1 (CVE-2021-33621)
199124 Ubuntu Security Notification for Ruby Vulnerability (USN-5806-2)
199248 Ubuntu Security Notification for Ruby Vulnerability (USN-5806-3)
199434 Ubuntu Security Notification for Ruby Vulnerabilities (USN-6181-1)
199530 Ubuntu Security Notification for Ruby Vulnerability (USN-5806-1)
241557 Red Hat Update for rh-ruby27-ruby security (RHSA-2023:3291)
241760 Red Hat Update for ruby:2.7 security (RHSA-2023:3821)
242449 Red Hat Update for ruby:2.5 (RHSA-2023:7025)
243097 Red Hat Update for ruby:3.1 security (RHSA-2024:1431)
243151 Red Hat Update for ruby:3.1 security (RHSA-2024:1576)
283395 Fedora Security Update for ruby (FEDORA-2022-ef96a58bbe)
283396 Fedora Security Update for ruby (FEDORA-2022-f0f6c6bec2)
283496 Fedora Security Update for ruby (FEDORA-2022-b9b710f199)
296100 Oracle Solaris 11.4 Support Repository Update (SRU) 58.144.3 Missing (CPUAPR2023)
354697 Amazon Linux Security Advisory for ruby3.1 : ALAS2022-2023-262
356247 Amazon Linux Security Advisory for ruby : ALASRUBY3.0-2023-004
356289 Amazon Linux Security Advisory for ruby : ALASRUBY2.6-2023-003
356493 Amazon Linux Security Advisory for ruby : ALAS2RUBY2.6-2023-003
357337 Amazon Linux Security Advisory for ruby : ALAS2-2024-2503
378703 Alibaba Cloud Linux Security Update for ruby:2.7 (ALINUX3-SA-2023:0080)
502603 Alpine Linux Security Update for ruby
502633 Alpine Linux Security Update for ruby
502634 Alpine Linux Security Update for ruby
504379 Alpine Linux Security Update for ruby
672730 EulerOS Security Update for ruby (EulerOS-SA-2023-1483)
672733 EulerOS Security Update for ruby (EulerOS-SA-2023-1458)
672798 EulerOS Security Update for ruby (EulerOS-SA-2023-1540)
672831 EulerOS Security Update for ruby (EulerOS-SA-2023-1565)
672875 EulerOS Security Update for ruby (EulerOS-SA-2023-1609)
672906 EulerOS Security Update for ruby (EulerOS-SA-2023-1790)
672925 EulerOS Security Update for ruby (EulerOS-SA-2023-1768)
690997 Free Berkeley Software Distribution (FreeBSD) Security Update for rubygem (84ab03b6-6c20-11ed-b519-080027f5fec9)
710844 Gentoo Linux Ruby Multiple Vulnerabilities (GLSA 202401-27)
755145 SUSE Enterprise Linux Security Update for ruby2.5 (SUSE-SU-2023:4176-1)
941165 AlmaLinux Security Update for ruby:2.7 (ALSA-2023:3821)
941437 AlmaLinux Security Update for ruby:2.5 (ALSA-2023:7025)
941625 AlmaLinux Security Update for ruby:3.1 (ALSA-2024:1431)
941633 AlmaLinux Security Update for ruby:3.1 (ALSA-2024:1576)
961138 Rocky Linux Security Update for ruby:3.1 (RLSA-2024:1431)
961149 Rocky Linux Security Update for ruby:3.1 (RLSA-2024:1576)