Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2021-33621

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.

Related bugs and status

CVE-2021-33621 (Candidate) is related to these bugs:

Bug #2023576: proposed-migration for ruby-rackup 0.2.2-1, ruby-rack 3.0.0-1

		In	Importance	Status
2023576	proposed-migration for ruby-rackup 0.2.2-1, ruby-rack 3.0.0-1	ruby-rackup (Ubuntu)	Undecided	Fix Committed
2023576	proposed-migration for ruby-rackup 0.2.2-1, ruby-rack 3.0.0-1	ruby-rack (Ubuntu)	Undecided	Fix Committed
2023576	proposed-migration for ruby-rackup 0.2.2-1, ruby-rack 3.0.0-1	ruby-rack (Debian)	Unknown	Fix Released
2023576	proposed-migration for ruby-rackup 0.2.2-1, ruby-rack 3.0.0-1	ruby-rack-session (Ubuntu)	Undecided	Fix Committed

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://www.ruby-lang....
FEDORA: FEDORA-2022-ef96a58bbe
FEDORA: FEDORA-2022-f0f6c6bec2
FEDORA: FEDORA-2022-b9b710f199
CONFIRM: https://security.netap...
MLIST: [debian-lts-announce] ...
GENTOO: GLSA-202401-27