CVE-2021-33621: Interpretation Conflict

November 18, 2022 (updated January 24, 2024)

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.

References

nvd.nist.gov/vuln/detail/CVE-2021-33621
www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/

Code Behaviors & Features

Detect and mitigate CVE-2021-33621 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →