PT-2022-6734 · Ruby+10 · Cgi+10

Hiroshi Tokumaru · Published 2022-09-20 · Updated 2025-09-29 · CVE-2021-33621

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

cgi gem versions 0.1.0.0 through 0.1.0.1
cgi gem versions 0.2.0 through 0.2.1
cgi gem versions 0.3.0 through 0.3.4

Description

The issue is an HTTP response splitting vulnerability, which occurs when untrusted user input is inserted into an HTTP response header. It allows an attacker to inject malicious content into the response, potentially leading to access to confidential data, loss of data integrity, and denial of service. The vulnerability affects applications that use the cgi gem to generate HTTP responses or to create CGI::Cookie objects from user input.

Recommendations

For cgi gem versions 0.1.0.0 through 0.1.0.1, update to version 0.1.0.2 or later.
For cgi gem versions 0.2.0 through 0.2.1, update to version 0.2.2 or later.
For cgi gem versions 0.3.0 through 0.3.4, update to version 0.3.5 or later.
As a temporary workaround, validate and sanitize user input before inserting it into HTTP response headers or CGI::Cookie objects to minimize the risk of exploitation.
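One way to implement the interim validation the recommendation describes, as an added example that is not code from the advisory or from the cgi gem: every field that ends up in the Set-Cookie line is checked for control characters before CGI::Cookie is constructed, so the application does not rely on whichever gem version happens to be installed. The helper names and the sample values are assumptions constructed for this illustration.

```ruby
require 'cgi'

# Any control character (CR, LF, NUL, ...) inside a header-bound field can
# terminate the header line early, which is the response-splitting primitive
# the advisory describes. Reject such input outright rather than stripping it.
HEADER_CONTROL_CHARS = /[\x00-\x1f\x7f]/.freeze

def safe_header_field?(str)
  str.is_a?(String) && !str.match?(HEADER_CONTROL_CHARS)
end

# Validate name, value, path and domain before handing them to CGI::Cookie.
# Returns the Set-Cookie header value produced by the gem.
def build_set_cookie(name:, value:, path: '/', domain: nil)
  { 'name' => name, 'value' => value, 'path' => path, 'domain' => domain }.each do |field, v|
    next if v.nil? # domain is optional
    raise ArgumentError, "unsafe #{field} for Set-Cookie: #{v.inspect}" unless safe_header_field?(v)
  end
  opts = { 'name' => name, 'value' => value, 'path' => path, 'httponly' => true }
  opts['domain'] = domain if domain
  CGI::Cookie.new(opts).to_s
end

# Constructed sample inputs: an ordinary session id and one carrying a CRLF
# sequence followed by an extra header line.
SAMPLE_VALUES = {
  'ok'       => 'sid-7f3a9c',
  'injected' => "sid-7f3a9c\r\nX-Injected: 1"
}.freeze

# Maps each sample to :accepted or :rejected so the outcome can be asserted.
def classify_samples
  SAMPLE_VALUES.transform_values do |v|
    begin
      build_set_cookie(name: 'session', value: v)
      :accepted
    rescue ArgumentError
      :rejected
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  classify_samples.each { |label, result| puts "#{label}: #{result}" }
  puts build_set_cookie(name: 'session', value: SAMPLE_VALUES['ok'])
end
```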

Exploit

Fix

DoS

Special Elements Injection

Weakness Enumeration

Related Identifiers

ALSA-2022_6585
ALSA-2023:3821
ALSA-2023:7025
ALSA-2023_3821
ALSA-2023_7025
ALSA-2024:1431
ALSA-2024:1576
ALSA-2024:3500
ALSA-2024:3838
ALSA-2024_1431
ALSA-2024_1576
ALSA-2024_3500
ALSA-2024_3838
ALSA-2025_16880
ALT-PU-2023-7986
ALT-PU-2024-2130
ALT-PU-2024-7811
BDU:2023-03834
BIT-RUBY-2021-33621
BIT-RUBY-MIN-2021-33621
CESA-2023_3821
CESA-2023_7025
CESA-2024_1431
CESA-2024_3500
CVE-2021-33621
DLA-3450-1
DLA-3858-1
ELSA-2023-3821
ELSA-2023-7025
ELSA-2024-1431
ELSA-2024-1576
ELSA-2024-3500
ELSA-2024-3838
GHSA-VC47-6RQG-C7F5
INFSA-2024_3500
INFSA-2024_3838
MGASA-2022-0454
OESA-2023-1003
OPENSUSE-SU-2023_4176-1
OPENSUSE-SU-2024:12539-1
RHSA-2023:3291
RHSA-2023:3821
RHSA-2023:7025
RHSA-2023_3821
RHSA-2023_7025
RHSA-2024:1431
RHSA-2024:1576
RHSA-2024:3500
RHSA-2024:3838
RHSA-2024:4542
RHSA-2024_1431
RHSA-2024_1576
RHSA-2024_3500
RHSA-2024_3838
RLSA-2023:3821
RLSA-2023_3821
RLSA-2024:1431
RLSA-2024:1576
RLSA-2024_1431
RLSA-2024_1576
RLSA-2024_3500
SUSE-SU-2023:4176-1
USN-5806-1
USN-5806-2
USN-5806-3
USN-6181-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Cgi