ADVISORIES
GEM
SEVERITY
CVSS v3.x: 8.8 (High)
PATCHED VERSIONS
- ~> 0.1.0.2
- ~> 0.2.2
- >= 0.3.5
DESCRIPTION
cgi.rb in Ruby through 2.6.x, through 3.0x, and through 3.1.x allows HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients.