VulnerableCode Package Details

Search for packages

Vulnerability	Summary	Fixed by
VCID-1vp9-6q85-5ffv Aliases: CVE-2021-41819 GHSA-4vf4-qmvg-mh7h	Reliance on Cookies without Validation and Integrity Checking in a Security Decision CGI::Cookie.parse in Ruby mishandles security prefixes in cookie names. This also affects the CGI gem for Ruby.	0.3.1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-9g2w-sc9w-eyce Aliases: CVE-2021-33621 GHSA-vc47-6rqg-c7f5	Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code.	0.3.5 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-exq5-cnrm-3uhd Aliases: CVE-2025-27219 GHSA-gh9q-2xrm-x6qv	CGI has Denial of Service (DoS) potential in Cookie.parse There is a possibility for DoS by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27219. We recommend upgrading the cgi gem. ## Details CGI::Cookie.parse took super-linear time to parse a cookie string in some cases. Feeding a maliciously crafted cookie string into the method could lead to a Denial of Service. Please update CGI gem to version 0.3.5.1, 0.3.7, 0.4.2 or later. ## Affected versions cgi gem versions <= 0.3.5, 0.3.6, 0.4.0 and 0.4.1. ## Credits Thanks to lio346 for discovering this issue. Also thanks to mame for fixing this vulnerability.	0.3.5.1 Affected by 0 other vulnerabilities. 0.3.7 Affected by 0 other vulnerabilities. 0.4.2 Affected by 0 other vulnerabilities.
VCID-gfjn-m9zp-57c5 Aliases: CVE-2021-41816 GHSA-5cqm-crxm-6qpv GMS-2021-17	Duplicate This advisory duplicates another.	0.3.1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 0.3.2 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-h4mf-99f4-9bdw Aliases: CVE-2025-27220 GHSA-mhwm-jh88-3gjf	CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement There is a possibility for Regular expression Denial of Service (ReDoS) by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27220. We recommend upgrading the cgi gem. ## Details The regular expression used in `CGI::Util#escapeElement` is vulnerable to ReDoS. The crafted input could lead to a high CPU consumption. This vulnerability only affects Ruby 3.1 and 3.2. If you are using these versions, please update CGI gem to version 0.3.5.1, 0.3.7, 0.4.2 or later. ## Affected versions cgi gem versions <= 0.3.5, 0.3.6, 0.4.0 and 0.4.1. ## Credits Thanks to svalkanov for discovering this issue. Also thanks to nobu for fixing this vulnerability.	0.3.5.1 Affected by 0 other vulnerabilities. 0.3.7 Affected by 0 other vulnerabilities. 0.4.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-1vp9-6q85-5ffv
Aliases:
CVE-2021-41819
GHSA-4vf4-qmvg-mh7h

Reliance on Cookies without Validation and Integrity Checking in a Security Decision CGI::Cookie.parse in Ruby mishandles security prefixes in cookie names. This also affects the CGI gem for Ruby.

0.3.1
Affected by 4 other vulnerabilities.

VCID-9g2w-sc9w-eyce
Aliases:
CVE-2021-33621
GHSA-vc47-6rqg-c7f5

Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code.

0.3.5
Affected by 2 other vulnerabilities.

VCID-exq5-cnrm-3uhd
Aliases:
CVE-2025-27219
GHSA-gh9q-2xrm-x6qv

CGI has Denial of Service (DoS) potential in Cookie.parse There is a possibility for DoS by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27219. We recommend upgrading the cgi gem. ## Details CGI::Cookie.parse took super-linear time to parse a cookie string in some cases. Feeding a maliciously crafted cookie string into the method could lead to a Denial of Service. Please update CGI gem to version 0.3.5.1, 0.3.7, 0.4.2 or later. ## Affected versions cgi gem versions <= 0.3.5, 0.3.6, 0.4.0 and 0.4.1. ## Credits Thanks to lio346 for discovering this issue. Also thanks to mame for fixing this vulnerability.

0.3.5.1
Affected by 0 other vulnerabilities.

0.3.7
Affected by 0 other vulnerabilities.

0.4.2
Affected by 0 other vulnerabilities.

VCID-gfjn-m9zp-57c5
Aliases:
CVE-2021-41816
GHSA-5cqm-crxm-6qpv
GMS-2021-17

Duplicate This advisory duplicates another.

0.3.1
Affected by 4 other vulnerabilities.

0.3.2
Affected by 3 other vulnerabilities.

VCID-h4mf-99f4-9bdw
Aliases:
CVE-2025-27220
GHSA-mhwm-jh88-3gjf

CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement There is a possibility for Regular expression Denial of Service (ReDoS) by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27220. We recommend upgrading the cgi gem. ## Details The regular expression used in `CGI::Util#escapeElement` is vulnerable to ReDoS. The crafted input could lead to a high CPU consumption. This vulnerability only affects Ruby 3.1 and 3.2. If you are using these versions, please update CGI gem to version 0.3.5.1, 0.3.7, 0.4.2 or later. ## Affected versions cgi gem versions <= 0.3.5, 0.3.6, 0.4.0 and 0.4.1. ## Credits Thanks to svalkanov for discovering this issue. Also thanks to nobu for fixing this vulnerability.

0.3.5.1
Affected by 0 other vulnerabilities.

0.3.7
Affected by 0 other vulnerabilities.

0.4.2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:22:11.500391+00:00	GitLab Importer	Affected by	VCID-exq5-cnrm-3uhd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2025-27219.yml	38.4.0
2026-04-16T23:22:10.319932+00:00	GitLab Importer	Affected by	VCID-h4mf-99f4-9bdw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2025-27220.yml	38.4.0
2026-04-16T22:15:53.937547+00:00	GitLab Importer	Affected by	VCID-9g2w-sc9w-eyce	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2021-33621.yml	38.4.0
2026-04-16T21:38:27.131507+00:00	GitLab Importer	Affected by	VCID-gfjn-m9zp-57c5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2021-41816.yml	38.4.0
2026-04-16T21:36:52.096057+00:00	GitLab Importer	Affected by	VCID-1vp9-6q85-5ffv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2021-41819.yml	38.4.0
2026-04-12T00:41:17.415857+00:00	GitLab Importer	Affected by	VCID-exq5-cnrm-3uhd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2025-27219.yml	38.3.0
2026-04-12T00:41:16.252446+00:00	GitLab Importer	Affected by	VCID-h4mf-99f4-9bdw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2025-27220.yml	38.3.0
2026-04-11T23:33:09.255899+00:00	GitLab Importer	Affected by	VCID-9g2w-sc9w-eyce	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2021-33621.yml	38.3.0
2026-04-11T22:53:08.077012+00:00	GitLab Importer	Affected by	VCID-gfjn-m9zp-57c5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2021-41816.yml	38.3.0
2026-04-11T22:50:47.996643+00:00	GitLab Importer	Affected by	VCID-1vp9-6q85-5ffv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2021-41819.yml	38.3.0
2026-04-03T00:49:12.951121+00:00	GitLab Importer	Affected by	VCID-exq5-cnrm-3uhd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2025-27219.yml	38.1.0
2026-04-03T00:49:11.394573+00:00	GitLab Importer	Affected by	VCID-h4mf-99f4-9bdw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2025-27220.yml	38.1.0
2026-04-02T23:38:13.894774+00:00	GitLab Importer	Affected by	VCID-9g2w-sc9w-eyce	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2021-33621.yml	38.1.0
2026-04-02T23:02:29.238621+00:00	GitLab Importer	Affected by	VCID-gfjn-m9zp-57c5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2021-41816.yml	38.1.0
2026-04-02T23:00:10.846741+00:00	GitLab Importer	Affected by	VCID-1vp9-6q85-5ffv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2021-41819.yml	38.1.0
2026-04-01T18:00:30.776601+00:00	GitLab Importer	Affected by	VCID-9g2w-sc9w-eyce	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2021-33621.yml	38.0.0
2026-04-01T17:21:20.130405+00:00	GitLab Importer	Affected by	VCID-gfjn-m9zp-57c5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2021-41816.yml	38.0.0
2026-04-01T16:04:02.534435+00:00	GHSA Importer	Affected by	VCID-9g2w-sc9w-eyce	https://github.com/advisories/GHSA-vc47-6rqg-c7f5	38.0.0
2026-04-01T15:59:22.870565+00:00	GHSA Importer	Affected by	VCID-1vp9-6q85-5ffv	https://github.com/advisories/GHSA-4vf4-qmvg-mh7h	38.0.0
2026-04-01T15:59:10.099570+00:00	GHSA Importer	Affected by	VCID-gfjn-m9zp-57c5	https://github.com/advisories/GHSA-5cqm-crxm-6qpv	38.0.0
2026-04-01T13:05:48.469586+00:00	GithubOSV Importer	Affected by	VCID-1vp9-6q85-5ffv	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-4vf4-qmvg-mh7h/GHSA-4vf4-qmvg-mh7h.json	38.0.0
2026-04-01T12:49:12.585568+00:00	GitLab Importer	Affected by	VCID-1vp9-6q85-5ffv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2021-41819.yml	38.0.0