CVE-2021-33621 Information

Description

cgi.rb in Ruby through 2.6.x through 3.0x and through 3.1.x allows HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header an attacker can exploit it to insert a newline character to split a header and inject malicious content to deceive clients.

Reference

https://hackerone.com/reports/1204695