Skip to main content

Interpretation Conflict

CVE-2021-33621

Severity High
Score 8.8/10

Summary

The cgi gem prior to 0.1.0.2, 0.2.x prior to 0.2.2, and 0.3.x prior to 0.3.4 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • HIGH

CWE-436 - Interpretation Conflict

Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.

Advisory Timeline

  • Published