Rapid7 Vulnerability & Exploit Database

Oracle Linux: CVE-2021-33621: ELSA-2023-7025: ruby:2.5 security update (MODERATE) (Multiple Advisories)

Free InsightVM Trial No Credit Card Necessary

2024 Attack Intel Report Latest research by Rapid7 Labs

Back to Search

Oracle Linux: CVE-2021-33621: ELSA-2023-7025: ruby:2.5 security update (MODERATE) (Multiple Advisories)

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

11/18/2022

Created

07/10/2023

Added

07/08/2023

Modified

12/18/2024

Description

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object. A vulnerability was found in Ruby that allows HTTP header injection. A CGI application using the CGI library may insert untrusted input into the HTTP response header. This issue can allow an attacker to insert a newline character to split a header and inject malicious content to deceive clients.

Solution(s)

oracle-linux-upgrade-ruby
oracle-linux-upgrade-ruby-bundled-gems
oracle-linux-upgrade-ruby-default-gems
oracle-linux-upgrade-ruby-devel
oracle-linux-upgrade-ruby-doc
oracle-linux-upgrade-rubygem-abrt
oracle-linux-upgrade-rubygem-abrt-doc
oracle-linux-upgrade-rubygem-bigdecimal
oracle-linux-upgrade-rubygem-bson
oracle-linux-upgrade-rubygem-bson-doc
oracle-linux-upgrade-rubygem-bundler
oracle-linux-upgrade-rubygem-io-console
oracle-linux-upgrade-rubygem-irb
oracle-linux-upgrade-rubygem-json
oracle-linux-upgrade-rubygem-minitest
oracle-linux-upgrade-rubygem-mongo
oracle-linux-upgrade-rubygem-mongo-doc
oracle-linux-upgrade-rubygem-mysql2
oracle-linux-upgrade-rubygem-mysql2-doc
oracle-linux-upgrade-rubygem-net-telnet
oracle-linux-upgrade-rubygem-openssl
oracle-linux-upgrade-rubygem-pg
oracle-linux-upgrade-rubygem-pg-doc
oracle-linux-upgrade-rubygem-power-assert
oracle-linux-upgrade-rubygem-psych
oracle-linux-upgrade-rubygem-rake
oracle-linux-upgrade-rubygem-rbs
oracle-linux-upgrade-rubygem-rdoc
oracle-linux-upgrade-rubygem-rexml
oracle-linux-upgrade-rubygem-rss
oracle-linux-upgrade-rubygems
oracle-linux-upgrade-rubygems-devel
oracle-linux-upgrade-rubygem-test-unit
oracle-linux-upgrade-rubygem-typeprof
oracle-linux-upgrade-rubygem-xmlrpc
oracle-linux-upgrade-ruby-libs

References

https://attackerkb.com/topics/cve-2021-33621
CVE - 2021-33621
ELSA-2023-7025
ELSA-2024-3500
ELSA-2024-1431
ELSA-2024-1576
ELSA-2024-3838
ELSA-2023-3821

Advanced vulnerability management analytics and reporting.

Key Features

Lightweight Endpoint Agent
Live Dashboards
Real Risk Prioritization
IT-Integrated Remediation Projects
Cloud, Virtual, and Container Assessment
Integrated Threat Feeds
Easy-to-Use RESTful API
Automation-Assisted Patching
Automated Containment

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Oracle Linux: CVE-2021-33621: ELSA-2023-7025: ruby:2.5 security update (MODERATE) (Multiple Advisories)

Oracle Linux: CVE-2021-33621: ELSA-2023-7025: ruby:2.5 security update (MODERATE) (Multiple Advisories)

Description

Solution(s)

References

Submit your information and we will get in touch with you.

Thank you for contacting us.

We will be in touch shortly.