{"url":"http://public2.vulnerablecode.io/api/packages/18337?format=json","purl":"pkg:gem/cgi@0.3.1","type":"gem","namespace":"","name":"cgi","version":"0.3.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.3.5.1","latest_non_vulnerable_version":"0.4.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23382?format=json","vulnerability_id":"VCID-jpzg-ue5h-jqgh","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27219.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27219.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27219","reference_id":"","reference_type":"","scores":[{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57798","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.5791","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27219"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27219","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27219"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ruby/cgi","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/cgi"},{"reference_url":"https://github.com/ruby/cgi/pull/52","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/cgi/pull/52"},{"reference_url":"https://github.com/ruby/cgi/pull/53","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/cgi/pull/53"},{"reference_url":"https://github.com/ruby/cgi/pull/54","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/cgi/pull/54"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00008.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27219","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27219"},{"reference_url":"https://www.cve.org/CVERecord?id=CVE-2025-27219","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cve.org/CVERecord?id=CVE-2025-27219"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103792","reference_id":"1103792","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103792"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2349699","reference_id":"2349699","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2349699"},{"reference_url":"https://hackerone.com/reports/2936778","reference_id":"2936778","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:41:05Z/"}],"url":"https://hackerone.com/reports/2936778"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27219.yml","reference_id":"CVE-2025-27219.yml","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:41:05Z/"}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27219.yml"},{"reference_url":"https://github.com/advisories/GHSA-gh9q-2xrm-x6qv","reference_id":"GHSA-gh9q-2xrm-x6qv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gh9q-2xrm-x6qv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10217","reference_id":"RHSA-2025:10217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4063","reference_id":"RHSA-2025:4063","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4063"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4487","reference_id":"RHSA-2025:4487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4488","reference_id":"RHSA-2025:4488","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4488"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4493","reference_id":"RHSA-2025:4493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8131","reference_id":"RHSA-2025:8131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8131"},{"reference_url":"https://usn.ubuntu.com/7418-1/","reference_id":"USN-7418-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7418-1/"},{"reference_url":"https://usn.ubuntu.com/7442-1/","reference_id":"USN-7442-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7442-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377952?format=json","purl":"pkg:gem/cgi@0.3.5.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/cgi@0.3.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/377953?format=json","purl":"pkg:gem/cgi@0.3.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/cgi@0.3.7"},{"url":"http://public2.vulnerablecode.io/api/packages/377954?format=json","purl":"pkg:gem/cgi@0.4.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/cgi@0.4.2"}],"aliases":["CVE-2025-27219","GHSA-gh9q-2xrm-x6qv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jpzg-ue5h-jqgh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23384?format=json","vulnerability_id":"VCID-jz1h-y5a8-4yc1","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27220.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27220.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27220","reference_id":"","reference_type":"","scores":[{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.4816","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.48297","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27220"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27220","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27220"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ruby/cgi","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/cgi"},{"reference_url":"https://github.com/ruby/cgi/pull/52","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/cgi/pull/52"},{"reference_url":"https://github.com/ruby/cgi/pull/53","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/cgi/pull/53"},{"reference_url":"https://github.com/ruby/cgi/pull/54","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/cgi/pull/54"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00008.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27220","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27220"},{"reference_url":"https://www.cve.org/CVERecord?id=CVE-2025-27220","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":""},{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cve.org/CVERecord?id=CVE-2025-27220"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103793","reference_id":"1103793","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103793"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2349696","reference_id":"2349696","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2349696"},{"reference_url":"https://hackerone.com/reports/2890322","reference_id":"2890322","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:39:36Z/"}],"url":"https://hackerone.com/reports/2890322"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27220.yml","reference_id":"CVE-2025-27220.yml","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"4.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:39:36Z/"}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27220.yml"},{"reference_url":"https://github.com/advisories/GHSA-mhwm-jh88-3gjf","reference_id":"GHSA-mhwm-jh88-3gjf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mhwm-jh88-3gjf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4063","reference_id":"RHSA-2025:4063","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4063"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4487","reference_id":"RHSA-2025:4487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4488","reference_id":"RHSA-2025:4488","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4488"},{"reference_url":"https://usn.ubuntu.com/7418-1/","reference_id":"USN-7418-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7418-1/"},{"reference_url":"https://usn.ubuntu.com/7442-1/","reference_id":"USN-7442-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7442-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377952?format=json","purl":"pkg:gem/cgi@0.3.5.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/cgi@0.3.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/377953?format=json","purl":"pkg:gem/cgi@0.3.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/cgi@0.3.7"},{"url":"http://public2.vulnerablecode.io/api/packages/377954?format=json","purl":"pkg:gem/cgi@0.4.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/cgi@0.4.2"}],"aliases":["CVE-2025-27220","GHSA-mhwm-jh88-3gjf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jz1h-y5a8-4yc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/178776?format=json","vulnerability_id":"VCID-uyf1-pfsp-aqbw","summary":"Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41816.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41816.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41816","reference_id":"","reference_type":"","scores":[{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65653","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65751","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41816"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41816","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41816"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41817","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41817"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41819","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41819"},{"reference_url":"https://github.com/ruby/cgi","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/cgi"},{"reference_url":"https://github.com/ruby/cgi/commit/959ccf0b6a672bcc64aeaa60c6e1f9e728f1e87f","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/cgi/commit/959ccf0b6a672bcc64aeaa60c6e1f9e728f1e87f"},{"reference_url":"https://github.com/ruby/cgi/commit/ad079c1cb5f58eba1ffac46da79995fcf94a3a6e","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/cgi/commit/ad079c1cb5f58eba1ffac46da79995fcf94a3a6e"},{"reference_url":"https://github.com/ruby/cgi/commit/c6a37a671b556eb06140ea89cc465136b24207a6","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/cgi/commit/c6a37a671b556eb06140ea89cc465136b24207a6"},{"reference_url":"https://github.com/ruby/cgi/commit/c728632c1c09d46cfd4ecbff9caaa3651dd1002a","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/cgi/commit/c728632c1c09d46cfd4ecbff9caaa3651dd1002a"},{"reference_url":"https://groups.google.com/g/ruby-security-ann/c/4MQ568ZG47c","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/ruby-security-ann/c/4MQ568ZG47c"},{"reference_url":"https://hackerone.com/reports/1328463","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/1328463"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220303-0006","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220303-0006"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220303-0006/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220303-0006/"},{"reference_url":"https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816"},{"reference_url":"https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2026752","reference_id":"2026752","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2026752"},{"reference_url":"https://security.archlinux.org/AVG-2582","reference_id":"AVG-2582","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2582"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41816","reference_id":"CVE-2021-41816","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41816"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2021-41816","reference_id":"CVE-2021-41816","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security-tracker.debian.org/tracker/CVE-2021-41816"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2021-41816.yml","reference_id":"CVE-2021-41816.YML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2021-41816.yml"},{"reference_url":"https://github.com/advisories/GHSA-5cqm-crxm-6qpv","reference_id":"GHSA-5cqm-crxm-6qpv","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5cqm-crxm-6qpv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6855","reference_id":"RHSA-2022:6855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6856","reference_id":"RHSA-2022:6856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6856"},{"reference_url":"https://usn.ubuntu.com/5235-1/","reference_id":"USN-5235-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5235-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/392155?format=json","purl":"pkg:gem/cgi@0.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jpzg-ue5h-jqgh"},{"vulnerability":"VCID-jz1h-y5a8-4yc1"},{"vulnerability":"VCID-xdcv-kusv-kfdd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/cgi@0.3.2"}],"aliases":["CVE-2021-41816","GHSA-5cqm-crxm-6qpv","GMS-2021-17"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uyf1-pfsp-aqbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9612?format=json","vulnerability_id":"VCID-xdcv-kusv-kfdd","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33621.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33621.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33621","reference_id":"","reference_type":"","scores":[{"value":"0.011","scoring_system":"epss","scoring_elements":"0.7852","published_at":"2026-06-12T12:55:00Z"},{"value":"0.011","scoring_system":"epss","scoring_elements":"0.78453","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33621"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://hackerone.com/reports/1204695","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/1204695"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00000.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQR7LWED6VAPD5ATYOBZIGJQPCUBRJBX","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQR7LWED6VAPD5ATYOBZIGJQPCUBRJBX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THVTYHHEOVLQFCFHWURZYO7PVUPBHRZD","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THVTYHHEOVLQFCFHWURZYO7PVUPBHRZD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YACE6ORF2QBXXBK2V2CM36D7TZMEJVAS","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YACE6ORF2QBXXBK2V2CM36D7TZMEJVAS"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQR7LWED6VAPD5ATYOBZIGJQPCUBRJBX","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQR7LWED6VAPD5ATYOBZIGJQPCUBRJBX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/THVTYHHEOVLQFCFHWURZYO7PVUPBHRZD","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/THVTYHHEOVLQFCFHWURZYO7PVUPBHRZD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YACE6ORF2QBXXBK2V2CM36D7TZMEJVAS","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YACE6ORF2QBXXBK2V2CM36D7TZMEJVAS"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221228-0004","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20221228-0004"},{"reference_url":"https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621"},{"reference_url":"https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024799","reference_id":"1024799","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024799"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2149706","reference_id":"2149706","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2149706"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33621","reference_id":"CVE-2021-33621","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33621"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2021-33621.yml","reference_id":"CVE-2021-33621.YML","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2021-33621.yml"},{"reference_url":"https://github.com/advisories/GHSA-vc47-6rqg-c7f5","reference_id":"GHSA-vc47-6rqg-c7f5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vc47-6rqg-c7f5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3291","reference_id":"RHSA-2023:3291","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3291"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3821","reference_id":"RHSA-2023:3821","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3821"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7025","reference_id":"RHSA-2023:7025","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7025"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1431","reference_id":"RHSA-2024:1431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1431"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1576","reference_id":"RHSA-2024:1576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1576"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3500","reference_id":"RHSA-2024:3500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3838","reference_id":"RHSA-2024:3838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4542","reference_id":"RHSA-2024:4542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4542"},{"reference_url":"https://usn.ubuntu.com/5806-1/","reference_id":"USN-5806-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5806-1/"},{"reference_url":"https://usn.ubuntu.com/5806-2/","reference_id":"USN-5806-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5806-2/"},{"reference_url":"https://usn.ubuntu.com/5806-3/","reference_id":"USN-5806-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5806-3/"},{"reference_url":"https://usn.ubuntu.com/6181-1/","reference_id":"USN-6181-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6181-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27927?format=json","purl":"pkg:gem/cgi@0.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jpzg-ue5h-jqgh"},{"vulnerability":"VCID-jz1h-y5a8-4yc1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/cgi@0.3.5"}],"aliases":["CVE-2021-33621","GHSA-vc47-6rqg-c7f5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xdcv-kusv-kfdd"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10124?format=json","vulnerability_id":"VCID-s9bv-k56p-1yf4","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41819.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41819.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41819","reference_id":"","reference_type":"","scores":[{"value":"0.00765","scoring_system":"epss","scoring_elements":"0.73894","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00765","scoring_system":"epss","scoring_elements":"0.73969","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41819"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28965","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28965"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31799","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31799"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31810","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41816","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41816"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41817","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41817"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41819","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41819"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/ruby/cgi","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/cgi"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220121-0003","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220121-0003"},{"reference_url":"https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819"},{"reference_url":"https://security.gentoo.org/glsa/202401-27","reference_id":"202401-27","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T14:43:38Z/"}],"url":"https://security.gentoo.org/glsa/202401-27"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2026757","reference_id":"2026757","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2026757"},{"reference_url":"https://hackerone.com/reports/910552","reference_id":"910552","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T14:43:38Z/"}],"url":"https://hackerone.com/reports/910552"},{"reference_url":"https://security.archlinux.org/AVG-2555","reference_id":"AVG-2555","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2555"},{"reference_url":"https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/","reference_id":"cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T14:43:38Z/"}],"url":"https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41819","reference_id":"CVE-2021-41819","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41819"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2021-41819.yml","reference_id":"CVE-2021-41819.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2021-41819.yml"},{"reference_url":"https://github.com/advisories/GHSA-4vf4-qmvg-mh7h","reference_id":"GHSA-4vf4-qmvg-mh7h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4vf4-qmvg-mh7h"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/","reference_id":"IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T14:43:38Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220121-0003/","reference_id":"ntap-20220121-0003","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T14:43:38Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220121-0003/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0543","reference_id":"RHSA-2022:0543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0544","reference_id":"RHSA-2022:0544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0581","reference_id":"RHSA-2022:0581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0581"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0582","reference_id":"RHSA-2022:0582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0708","reference_id":"RHSA-2022:0708","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0708"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5779","reference_id":"RHSA-2022:5779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6447","reference_id":"RHSA-2022:6447","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6447"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6450","reference_id":"RHSA-2022:6450","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6855","reference_id":"RHSA-2022:6855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6856","reference_id":"RHSA-2022:6856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7305","reference_id":"RHSA-2026:7305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7307","reference_id":"RHSA-2026:7307","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7307"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8838","reference_id":"RHSA-2026:8838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"reference_url":"https://usn.ubuntu.com/5235-1/","reference_id":"USN-5235-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5235-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/","reference_id":"UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T14:43:38Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18338?format=json","purl":"pkg:gem/cgi@0.1.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jpzg-ue5h-jqgh"},{"vulnerability":"VCID-jz1h-y5a8-4yc1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/cgi@0.1.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/18340?format=json","purl":"pkg:gem/cgi@0.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jpzg-ue5h-jqgh"},{"vulnerability":"VCID-jz1h-y5a8-4yc1"},{"vulnerability":"VCID-s9bv-k56p-1yf4"},{"vulnerability":"VCID-uyf1-pfsp-aqbw"},{"vulnerability":"VCID-xdcv-kusv-kfdd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/cgi@0.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/18337?format=json","purl":"pkg:gem/cgi@0.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jpzg-ue5h-jqgh"},{"vulnerability":"VCID-jz1h-y5a8-4yc1"},{"vulnerability":"VCID-uyf1-pfsp-aqbw"},{"vulnerability":"VCID-xdcv-kusv-kfdd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/cgi@0.3.1"}],"aliases":["CVE-2021-41819","GHSA-4vf4-qmvg-mh7h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s9bv-k56p-1yf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/178776?format=json","vulnerability_id":"VCID-uyf1-pfsp-aqbw","summary":"Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41816.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41816.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41816","reference_id":"","reference_type":"","scores":[{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65653","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65751","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41816"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41816","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41816"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41817","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41817"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41819","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41819"},{"reference_url":"https://github.com/ruby/cgi","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/cgi"},{"reference_url":"https://github.com/ruby/cgi/commit/959ccf0b6a672bcc64aeaa60c6e1f9e728f1e87f","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/cgi/commit/959ccf0b6a672bcc64aeaa60c6e1f9e728f1e87f"},{"reference_url":"https://github.com/ruby/cgi/commit/ad079c1cb5f58eba1ffac46da79995fcf94a3a6e","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/cgi/commit/ad079c1cb5f58eba1ffac46da79995fcf94a3a6e"},{"reference_url":"https://github.com/ruby/cgi/commit/c6a37a671b556eb06140ea89cc465136b24207a6","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/cgi/commit/c6a37a671b556eb06140ea89cc465136b24207a6"},{"reference_url":"https://github.com/ruby/cgi/commit/c728632c1c09d46cfd4ecbff9caaa3651dd1002a","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ruby/cgi/commit/c728632c1c09d46cfd4ecbff9caaa3651dd1002a"},{"reference_url":"https://groups.google.com/g/ruby-security-ann/c/4MQ568ZG47c","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/ruby-security-ann/c/4MQ568ZG47c"},{"reference_url":"https://hackerone.com/reports/1328463","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/1328463"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220303-0006","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220303-0006"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220303-0006/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220303-0006/"},{"reference_url":"https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816"},{"reference_url":"https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2026752","reference_id":"2026752","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2026752"},{"reference_url":"https://security.archlinux.org/AVG-2582","reference_id":"AVG-2582","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2582"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41816","reference_id":"CVE-2021-41816","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41816"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2021-41816","reference_id":"CVE-2021-41816","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security-tracker.debian.org/tracker/CVE-2021-41816"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2021-41816.yml","reference_id":"CVE-2021-41816.YML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2021-41816.yml"},{"reference_url":"https://github.com/advisories/GHSA-5cqm-crxm-6qpv","reference_id":"GHSA-5cqm-crxm-6qpv","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5cqm-crxm-6qpv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6855","reference_id":"RHSA-2022:6855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6856","reference_id":"RHSA-2022:6856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6856"},{"reference_url":"https://usn.ubuntu.com/5235-1/","reference_id":"USN-5235-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5235-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18338?format=json","purl":"pkg:gem/cgi@0.1.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jpzg-ue5h-jqgh"},{"vulnerability":"VCID-jz1h-y5a8-4yc1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/cgi@0.1.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/18340?format=json","purl":"pkg:gem/cgi@0.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jpzg-ue5h-jqgh"},{"vulnerability":"VCID-jz1h-y5a8-4yc1"},{"vulnerability":"VCID-s9bv-k56p-1yf4"},{"vulnerability":"VCID-uyf1-pfsp-aqbw"},{"vulnerability":"VCID-xdcv-kusv-kfdd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/cgi@0.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/18337?format=json","purl":"pkg:gem/cgi@0.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jpzg-ue5h-jqgh"},{"vulnerability":"VCID-jz1h-y5a8-4yc1"},{"vulnerability":"VCID-uyf1-pfsp-aqbw"},{"vulnerability":"VCID-xdcv-kusv-kfdd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/cgi@0.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/392155?format=json","purl":"pkg:gem/cgi@0.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jpzg-ue5h-jqgh"},{"vulnerability":"VCID-jz1h-y5a8-4yc1"},{"vulnerability":"VCID-xdcv-kusv-kfdd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/cgi@0.3.2"}],"aliases":["CVE-2021-41816","GHSA-5cqm-crxm-6qpv","GMS-2021-17"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uyf1-pfsp-aqbw"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/cgi@0.3.1"}