CVE-2021-33621

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQR7LWED6VAPD5ATYOBZIGJQPCUBRJBX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THVTYHHEOVLQFCFHWURZYO7PVUPBHRZD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YACE6ORF2QBXXBK2V2CM36D7TZMEJVAS/
https://security.gentoo.org/glsa/202401-27
https://security.netapp.com/advisory/ntap-20221228-0004/	Third Party Advisory
https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ruby-lang:cgi::::::ruby::*
	cpe:2.3:a:ruby-lang:cgi::::::ruby::*
	cpe:2.3:a:ruby-lang:cgi::::::ruby::*

Configuration 2 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:35:::::::*
	cpe:2.3:o:fedoraproject:fedora:36:::::::*
	cpe:2.3:o:fedoraproject:fedora:37:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:ruby-lang:ruby::::::::
	cpe:2.3:a:ruby-lang:ruby::::::::
	cpe:2.3:a:ruby-lang:ruby::::::::

History

No history.

Information

Published : 2022-11-18 23:15

Updated : 2024-01-24 05:15

NVD link : CVE-2021-33621

Mitre link : CVE-2021-33621

CVE.ORG link : CVE-2021-33621

JSON object : View

Products Affected

ruby-lang

ruby
cgi

fedoraproject

fedora

CWE

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

{"id": "CVE-2021-33621", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-11-18T23:15:18.987", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQR7LWED6VAPD5ATYOBZIGJQPCUBRJBX/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THVTYHHEOVLQFCFHWURZYO7PVUPBHRZD/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YACE6ORF2QBXXBK2V2CM36D7TZMEJVAS/", "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/202401-27", "source": "cve@mitre.org"}, {"url": "https://security.netapp.com/advisory/ntap-20221228-0004/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object."}, {"lang": "es", "value": "La gema cgi anterior a 0.1.0.2, 0.2.x anterior a 0.2.2 y 0.3.x anterior a 0.3.5 para Ruby permite la divisi\u00f3n de respuestas HTTP. Esto es relevante para aplicaciones que utilizan entradas de usuarios que no son de confianza, ya sea para generar una respuesta HTTP o para crear un objeto CGI::Cookie."}], "lastModified": "2024-01-24T05:15:10.787", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:ruby:*:*", "vulnerable": true, "matchCriteriaId": "CABF5DC4-7B4F-4548-B2DF-914B096246B8", "versionEndExcluding": "0.1.0.2"}, {"criteria": "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:ruby:*:*", "vulnerable": true, "matchCriteriaId": "E6B2E611-4DD9-4265-AC1E-AA10826582D2", "versionEndExcluding": "0.2.2", "versionStartIncluding": "0.2.0"}, {"criteria": "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:ruby:*:*", "vulnerable": true, "matchCriteriaId": "A6DA6066-2A67-4EE2-934F-3A0CF3D66AA7", "versionEndExcluding": "0.3.5", "versionStartIncluding": "0.3.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3553CC40-CE13-48A8-B959-0C0B96F1FAD1", "versionEndExcluding": "2.7.7", "versionStartIncluding": "2.7.0"}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3047B1E3-1CB1-4270-AB66-CF194AECB87E", "versionEndExcluding": "3.0.5", "versionStartIncluding": "3.0.0"}, {"criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "576D85B3-8EA3-42F8-89FE-316057C9971D", "versionEndExcluding": "3.1.3", "versionStartIncluding": "3.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}