Interpretation Conflict
CVE-2021-33621
Summary
The cgi gem prior to 0.1.0.2, 0.2.x prior to 0.2.2, and 0.3.x prior to 0.3.4 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
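An added example (not part of the advisory or of the cgi gem): a Ruby check that tests an installed cgi gem version against the fixed releases listed in the summary, plus a guard that refuses CR, LF or NUL in a header or cookie value built from untrusted input. The names `cgi_gem_affected?`, `header_safe?` and `build_header` are hypothetical, and the sample values are constructed.

```ruby
require "rubygems"

# Fixed releases per release line, taken from the advisory summary.
FIXED = {
  "0.1" => Gem::Version.new("0.1.0.2"),
  "0.2" => Gem::Version.new("0.2.2"),
  "0.3" => Gem::Version.new("0.3.4"),
}.freeze

# True when the given cgi gem version falls in a range the summary lists
# as affected: < 0.1.0.2, 0.2.x < 0.2.2, or 0.3.x < 0.3.4.
def cgi_gem_affected?(version_string)
  v = Gem::Version.new(version_string)
  return true if v < FIXED["0.1"]
  %w[0.2 0.3].any? do |line|
    v >= Gem::Version.new("#{line}.0") && v < FIXED[line]
  end
end

# A header field is safe to emit only if it cannot terminate the line early.
def header_safe?(value)
  !value.to_s.match?(/[\r\n\0]/)
end

# Builds one response header line, rejecting (not stripping) any field that
# contains a line terminator, so a split response is never written.
def build_header(name, value)
  [name, value].each do |part|
    unless header_safe?(part)
      raise ArgumentError, "CR/LF/NUL in header field: #{part.inspect}"
    end
  end
  "#{name}: #{value}\r\n"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  %w[0.1.0 0.1.0.2 0.2.1 0.2.2 0.3.3 0.3.4].each do |ver|
    puts "cgi #{ver}: #{cgi_gem_affected?(ver) ? 'affected' : 'fixed'}"
  end
  puts build_header("Set-Cookie", "lang=en")
  begin
    build_header("Set-Cookie", "lang=en\r\nX-Constructed: 1")
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

The guard is defence in depth for code paths that place untrusted input into response headers; upgrading to a fixed release remains the remediation the summary points to.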
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- LOW
- HIGH
- HIGH
CWE-436 - Interpretation Conflict
Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.