ByteOS Network

NVD Vulnerability Details :

CVE-2021-33621

Modified

Source-cve@mitre.org

Published At-18 Nov, 2022 | 23:15

Updated At-04 Nov, 2025 | 16:15

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CPE Matches

Ruby

>>cgi>>Versions before 0.1.0.2(exclusive)

cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:ruby:*:*

Ruby

>>cgi>>Versions from 0.2.0(inclusive) to 0.2.2(exclusive)

cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:ruby:*:*

Ruby

>>cgi>>Versions from 0.3.0(inclusive) to 0.3.5(exclusive)

cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:ruby:*:*

Fedora Project

>>fedora>>35

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Fedora Project

>>fedora>>36

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Fedora Project

>>fedora>>37

cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

Ruby

>>ruby>>Versions from 2.7.0(inclusive) to 2.7.7(exclusive)

cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*

Ruby

>>ruby>>Versions from 3.0.0(inclusive) to 3.0.5(exclusive)

cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*

Ruby

>>ruby>>Versions from 3.1.0(inclusive) to 3.1.3(exclusive)

cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-74	Primary	nvd@nist.gov

CWE ID: CWE-74

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html	cve@mitre.org	N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQR7LWED6VAPD5ATYOBZIGJQPCUBRJBX/	cve@mitre.org	N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THVTYHHEOVLQFCFHWURZYO7PVUPBHRZD/	cve@mitre.org	N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YACE6ORF2QBXXBK2V2CM36D7TZMEJVAS/	cve@mitre.org	N/A
https://security.gentoo.org/glsa/202401-27	cve@mitre.org	N/A
https://security.netapp.com/advisory/ntap-20221228-0004/	cve@mitre.org	Third Party Advisory
https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/	cve@mitre.org	Exploit Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.debian.org/debian-lts-announce/2024/09/msg00000.html	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQR7LWED6VAPD5ATYOBZIGJQPCUBRJBX/	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THVTYHHEOVLQFCFHWURZYO7PVUPBHRZD/	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YACE6ORF2QBXXBK2V2CM36D7TZMEJVAS/	af854a3a-2127-422b-91ae-364da2661108	N/A
https://security.gentoo.org/glsa/202401-27	af854a3a-2127-422b-91ae-364da2661108	N/A
https://security.netapp.com/advisory/ntap-20221228-0004/	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/	af854a3a-2127-422b-91ae-364da2661108	Exploit Third Party Advisory