Description
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
CVSS Metrics
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Attack Vector: network
- Complexity: low
- Privileges: low
- User Action: none
- Scope: unchanged
- Confidentiality: high
- Integrity: high
- Availability: high
- Weaknesses: CWE-74
Metadata
- Primary Vendor: RUBY-LANG
- Published: 11/18/2022
- Last Modified: 11/4/2025
- Source: NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
- ruby-lang : cgi
- fedoraproject : fedora
- ruby-lang : ruby