
Interpretation Conflict


Severity High
Score 8.8/10


The cgi gem prior to, 0.2.x prior to 0.2.2, and 0.3.x prior to 0.3.4 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.

  • LOW
  • HIGH
  • NONE
  • LOW
  • HIGH
  • HIGH

CWE-436 - Interpretation Conflict

Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.
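
A defensive check for the two cases the description names (untrusted input placed in an HTTP response and fields passed to `CGI::Cookie`), together with a version test for the two release lines whose fixed versions are stated above. This is an added example, not code from the cgi gem or from the advisory; `cgi_gem_status`, `assert_header_safe!` and `safe_cookie_attrs` are hypothetical helper names, and the returned hash uses the key names that `CGI::Cookie.new` accepts.

```ruby
require "rubygems"

# Fixed releases stated in the advisory, keyed by release line. The bound for
# the oldest line is missing from the page, so other lines report :unknown.
FIXED_IN = {
  "0.2" => Gem::Version.new("0.2.2"),
  "0.3" => Gem::Version.new("0.3.4"),
}.freeze

# Hypothetical helper: classify an installed cgi gem version string.
def cgi_gem_status(version)
  v = Gem::Version.new(version)
  fixed = FIXED_IN[v.segments.first(2).join(".")]
  return :unknown unless fixed
  v < fixed ? :affected : :fixed
end

class UnsafeHeaderValue < ArgumentError; end

# CR and LF terminate a header line; NUL is rejected as well because
# intermediaries disagree on how to treat it.
FORBIDDEN = /[\r\n\x00]/

# Hypothetical helper: return the value as a String, or raise if it could
# start a new header line.
def assert_header_safe!(field, value)
  s = value.to_s
  raise UnsafeHeaderValue, "#{field} contains CR, LF or NUL" if s.match?(FORBIDDEN)
  s
end

# Hypothetical helper: vet every cookie field before it reaches CGI::Cookie.new.
def safe_cookie_attrs(name:, value:, path: "/", domain: nil)
  attrs = { "name" => name, "value" => value, "path" => path, "domain" => domain }
  attrs.compact.to_h { |k, v| [k, assert_header_safe!(k, v)] }
end

if __FILE__ == $PROGRAM_NAME
  puts cgi_gem_status("0.3.3")                # constructed version string
  untrusted = "en\r\nX-Constructed: sample"   # constructed untrusted input
  begin
    safe_cookie_attrs(name: "lang", value: untrusted)
  rescue UnsafeHeaderValue => e
    puts "rejected: #{e.message}"
  end
end
```

Rejecting the value outright, rather than stripping the control characters, keeps the application and any downstream proxy from disagreeing about what the header contained.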

Advisory Timeline

  • Published