
CVE-2021-33621

Status Candidate

Overview

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.

Related Files

Red Hat Security Advisory 2024-1576-03
Posted Apr 1, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1576-03 - An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 9. Issues addressed include HTTP response splitting and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability, ruby
systems | linux, redhat
advisories | CVE-2021-33621
SHA-256 | b6e1698061c4887c5634a86dda77570a2587b1aebe8ea42dc4a4b6b3689def4c

Red Hat Security Advisory 2024-1431-03
Posted Mar 20, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1431-03 - An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 8. Issues addressed include HTTP response splitting and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability, ruby
systems | linux, redhat
advisories | CVE-2021-33621
SHA-256 | 042d689fc8cb50b8ece70559d244a1def7afed86f869acf6f24510d0752ca7e1

Gentoo Linux Security Advisory 202401-27
Posted Jan 24, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202401-27 - Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code. Multiple versions are affected.

tags | advisory, arbitrary, vulnerability, ruby
systems | linux, gentoo
advisories | CVE-2020-25613, CVE-2021-31810, CVE-2021-32066, CVE-2021-33621, CVE-2021-41816, CVE-2021-41817, CVE-2021-41819, CVE-2022-28738, CVE-2022-28739, CVE-2023-28755, CVE-2023-28756
SHA-256 | 94bd32b96511589b4ae3eae1e1b96022fbaeeb99eb332b00a775c863282498ba

Red Hat Security Advisory 2023-7025-01
Posted Nov 15, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7025-01 - An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8. Issues addressed include HTTP response splitting and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability, ruby
systems | linux, redhat
advisories | CVE-2021-33621
SHA-256 | f659be7cbae940aa07964e47a15d975938bacceabfbc0234d166401b3f385f65

Red Hat Security Advisory 2023-3821-01
Posted Jun 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3821-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP response splitting and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability, ruby
systems | linux, redhat
advisories | CVE-2021-33621, CVE-2023-28755, CVE-2023-28756
SHA-256 | 915adbe516e63371c901e0dbf9c061957d731f589acb09f314d7244a05d2317a

Ubuntu Security Notice USN-6181-1
Posted Jun 21, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6181-1 - Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using the cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application. This issue only affected Ubuntu 22.10. It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, web, denial of service, cgi, ruby
systems | linux, ubuntu
advisories | CVE-2021-33621
SHA-256 | f634308d9f8170226b080952b6f1730c28beb18e02e1b9af7f1902121a0a253c

Red Hat Security Advisory 2023-3291-01
Posted May 25, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3291-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP response splitting and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability, ruby
systems | linux, redhat
advisories | CVE-2021-33621, CVE-2023-28755, CVE-2023-28756
SHA-256 | 20dec59adcb39ef2916d6cca7cd13c8ca58d1f5b2b3c7506b88fe76014af5ad2

Ubuntu Security Notice USN-5806-3
Posted Mar 21, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5806-3 - USN-5806-1 fixed vulnerabilities in Ruby. This update fixes the problem for Ubuntu 20.04 LTS. Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using the cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application.

tags | advisory, web, cgi, vulnerability, ruby
systems | linux, ubuntu
advisories | CVE-2021-33621
SHA-256 | 2946affe6446c720209e8c8a6781b9e746e6210d18a5a939af4608b1e97f3dfd

Ubuntu Security Notice USN-5806-2
Posted Jan 24, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5806-2 - USN-5806-1 fixed vulnerabilities in Ruby. This update fixes the problem for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.10. Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using the cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application.

tags | advisory, web, cgi, vulnerability, ruby
systems | linux, ubuntu
advisories | CVE-2021-33621
SHA-256 | 5e9eaa591a250702e16d36f855a65138db55f846075d60d7208d9a3e346086a8

Ubuntu Security Notice USN-5806-1
Posted Jan 18, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5806-1 - Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using the cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application.

tags | advisory, web, cgi, ruby
systems | linux, ubuntu
advisories | CVE-2021-33621
SHA-256 | 75ea48c38a96b7594dbd0877d422b431f6c885a45730d787e0fa46952d38d26c
© 2022 Packet Storm. All rights reserved.