FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-02-13 20:06:50 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 84ab03b6-6c20-11ed-b519-080027f5fec9
Description: rubygem-cgi -- HTTP response splitting vulnerability

Hiroshi Tokumaru reports:

If an application generates HTTP responses using the cgi gem with untrusted user input, an attacker can exploit it to inject a malicious HTTP response header and/or body.

Also, the contents for a CGI::Cookie object were not checked properly. If an application creates a CGI::Cookie object based on user input, an attacker may exploit it to inject invalid attributes in Set-Cookie header. We think such applications are unlikely, but we have included a change to check arguments for CGI::Cookie#initialize preventatively.


Discovery 2022-11-22
Entry 2022-11-24
rubygem-cgi
< 0.3.4

ruby
>= 2.7.0,1 < 2.7.7,1
>= 3.0.0,1 < 3.0.5,1
>= 3.1.0,1 < 3.1.3,1
>= 3.2.0.p1,1 < 3.2.0.r1,1

ruby27
>= 2.7.0,1 < 2.7.7,1

ruby30
>= 3.0.0,1 < 3.0.5,1

ruby31
>= 3.1.0,1 < 3.1.3,1

ruby32
>= 3.2.0.p1,1 < 3.2.0.r1,1

CVE-2021-33621
https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/