Source: ruby3.1
Version: 3.1.2-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: clone -1 -2
Control: reassign -2 src:ruby3.0 3.0.4-8
Control: retitle -2 ruby3.0: CVE-2021-33621

Hi,

The following vulnerability was published for ruby.

CVE-2021-33621[0]:
| The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5
| for Ruby allows HTTP response splitting. This is relevant to
| applications that use untrusted user input either to generate an HTTP
| response or to create a CGI::Cookie object.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-33621
    https://www.cve.org/CVERecord?id=CVE-2021-33621
[1] https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/

Regards,
Salvatore
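
Added example, not part of the original report and not code from the cgi gem or the Debian packaging: a Ruby check of a cgi gem version against the affected ranges quoted in the CVE text, plus an application-side guard that refuses CR, LF and NUL in header values before a response is built. The helper names are hypothetical, and the version argument is the cgi gem's own version, not the Debian package version.

```ruby
require "rubygems" # provides Gem::Version

# Affected ranges from the CVE text: [lowest version in range, first fixed version).
AFFECTED_RANGES = [
  ["0",     "0.1.0.2"],
  ["0.2.0", "0.2.2"],
  ["0.3.0", "0.3.5"],
].map { |low, fixed| [Gem::Version.new(low), Gem::Version.new(fixed)] }.freeze

# True when the given cgi gem version falls inside one of the affected ranges.
def cgi_gem_affected?(version)
  v = Gem::Version.new(version)
  AFFECTED_RANGES.any? { |low, fixed| v >= low && v < fixed }
end

# Header names must be HTTP tokens; values must not carry line breaks or NUL,
# since a line break inside a value starts a new header line or ends the header block.
HEADER_NAME = /\A[!#$%&'*+\-.^_`|~0-9A-Za-z]+\z/

def checked_header_value(value)
  s = value.to_s
  raise ArgumentError, "control character in header value" if s.match?(/[\r\n\0]/)
  s
end

# Serialises a hash of headers, raising instead of emitting a split response.
def build_header_block(headers)
  lines = headers.map do |name, value|
    raise ArgumentError, "invalid header name" unless name.to_s.match?(HEADER_NAME)
    "#{name}: #{checked_header_value(value)}\r\n"
  end
  lines.join + "\r\n"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  %w[0.1.0.1 0.2.1 0.3.4 0.3.5].each do |ver|
    puts "cgi #{ver}: #{cgi_gem_affected?(ver) ? 'affected' : 'not affected'}"
  end
  begin
    build_header_block("Location" => "/next\r\nX-Injected: 1")
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```
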