Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/cgi@0.1.0.2
purl pkg:gem/cgi@0.1.0.2
Next non-vulnerable version 0.3.5.1
Latest non-vulnerable version 0.4.2
Risk 3.1
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-exq5-cnrm-3uhd
Aliases:
CVE-2025-27219
GHSA-gh9q-2xrm-x6qv
CGI has Denial of Service (DoS) potential in Cookie.parse There is a possibility for DoS by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27219. We recommend upgrading the cgi gem. ## Details CGI::Cookie.parse took super-linear time to parse a cookie string in some cases. Feeding a maliciously crafted cookie string into the method could lead to a Denial of Service. Please update CGI gem to version 0.3.5.1, 0.3.7, 0.4.2 or later. ## Affected versions cgi gem versions <= 0.3.5, 0.3.6, 0.4.0 and 0.4.1. ## Credits Thanks to lio346 for discovering this issue. Also thanks to mame for fixing this vulnerability.
0.3.5.1
Affected by 0 other vulnerabilities.
0.3.7
Affected by 0 other vulnerabilities.
0.4.2
Affected by 0 other vulnerabilities.
VCID-h4mf-99f4-9bdw
Aliases:
CVE-2025-27220
GHSA-mhwm-jh88-3gjf
CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement There is a possibility for Regular expression Denial of Service (ReDoS) by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27220. We recommend upgrading the cgi gem. ## Details The regular expression used in `CGI::Util#escapeElement` is vulnerable to ReDoS. The crafted input could lead to a high CPU consumption. This vulnerability only affects Ruby 3.1 and 3.2. If you are using these versions, please update CGI gem to version 0.3.5.1, 0.3.7, 0.4.2 or later. ## Affected versions cgi gem versions <= 0.3.5, 0.3.6, 0.4.0 and 0.4.1. ## Credits Thanks to svalkanov for discovering this issue. Also thanks to nobu for fixing this vulnerability.
0.3.5.1
Affected by 0 other vulnerabilities.
0.3.7
Affected by 0 other vulnerabilities.
0.4.2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-9g2w-sc9w-eyce Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code. CVE-2021-33621
GHSA-vc47-6rqg-c7f5

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T23:22:11.483062+00:00 GitLab Importer Affected by VCID-exq5-cnrm-3uhd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2025-27219.yml 38.4.0
2026-04-16T23:22:10.303382+00:00 GitLab Importer Affected by VCID-h4mf-99f4-9bdw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2025-27220.yml 38.4.0
2026-04-12T00:41:17.394699+00:00 GitLab Importer Affected by VCID-exq5-cnrm-3uhd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2025-27219.yml 38.3.0
2026-04-12T00:41:16.231628+00:00 GitLab Importer Affected by VCID-h4mf-99f4-9bdw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2025-27220.yml 38.3.0
2026-04-03T21:28:21.815980+00:00 GitLab Importer Fixing VCID-9g2w-sc9w-eyce https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2021-33621.yml 38.1.0
2026-04-03T00:49:12.932142+00:00 GitLab Importer Affected by VCID-exq5-cnrm-3uhd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2025-27219.yml 38.1.0
2026-04-03T00:49:11.375566+00:00 GitLab Importer Affected by VCID-h4mf-99f4-9bdw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2025-27220.yml 38.1.0
2026-04-01T16:04:02.573562+00:00 GHSA Importer Fixing VCID-9g2w-sc9w-eyce https://github.com/advisories/GHSA-vc47-6rqg-c7f5 38.0.0
2026-04-01T13:07:05.565905+00:00 GithubOSV Importer Fixing VCID-9g2w-sc9w-eyce https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-vc47-6rqg-c7f5/GHSA-vc47-6rqg-c7f5.json 38.0.0