VulnerableCode Package Details - pkg:gem/cgi@0.3.5.1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-exq5-cnrm-3uhd	CGI has Denial of Service (DoS) potential in Cookie.parse There is a possibility for DoS by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27219. We recommend upgrading the cgi gem. ## Details CGI::Cookie.parse took super-linear time to parse a cookie string in some cases. Feeding a maliciously crafted cookie string into the method could lead to a Denial of Service. Please update CGI gem to version 0.3.5.1, 0.3.7, 0.4.2 or later. ## Affected versions cgi gem versions <= 0.3.5, 0.3.6, 0.4.0 and 0.4.1. ## Credits Thanks to lio346 for discovering this issue. Also thanks to mame for fixing this vulnerability.	CVE-2025-27219 GHSA-gh9q-2xrm-x6qv
VCID-h4mf-99f4-9bdw	CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement There is a possibility for Regular expression Denial of Service (ReDoS) by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27220. We recommend upgrading the cgi gem. ## Details The regular expression used in `CGI::Util#escapeElement` is vulnerable to ReDoS. The crafted input could lead to a high CPU consumption. This vulnerability only affects Ruby 3.1 and 3.2. If you are using these versions, please update CGI gem to version 0.3.5.1, 0.3.7, 0.4.2 or later. ## Affected versions cgi gem versions <= 0.3.5, 0.3.6, 0.4.0 and 0.4.1. ## Credits Thanks to svalkanov for discovering this issue. Also thanks to nobu for fixing this vulnerability.	CVE-2025-27220 GHSA-mhwm-jh88-3gjf

Vulnerability

Summary

Aliases

VCID-exq5-cnrm-3uhd

CGI has Denial of Service (DoS) potential in Cookie.parse There is a possibility for DoS by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27219. We recommend upgrading the cgi gem. ## Details CGI::Cookie.parse took super-linear time to parse a cookie string in some cases. Feeding a maliciously crafted cookie string into the method could lead to a Denial of Service. Please update CGI gem to version 0.3.5.1, 0.3.7, 0.4.2 or later. ## Affected versions cgi gem versions <= 0.3.5, 0.3.6, 0.4.0 and 0.4.1. ## Credits Thanks to lio346 for discovering this issue. Also thanks to mame for fixing this vulnerability.

CVE-2025-27219
GHSA-gh9q-2xrm-x6qv

VCID-h4mf-99f4-9bdw

CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement There is a possibility for Regular expression Denial of Service (ReDoS) by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27220. We recommend upgrading the cgi gem. ## Details The regular expression used in `CGI::Util#escapeElement` is vulnerable to ReDoS. The crafted input could lead to a high CPU consumption. This vulnerability only affects Ruby 3.1 and 3.2. If you are using these versions, please update CGI gem to version 0.3.5.1, 0.3.7, 0.4.2 or later. ## Affected versions cgi gem versions <= 0.3.5, 0.3.6, 0.4.0 and 0.4.1. ## Credits Thanks to svalkanov for discovering this issue. Also thanks to nobu for fixing this vulnerability.

CVE-2025-27220
GHSA-mhwm-jh88-3gjf

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:22:11.528016+00:00	GitLab Importer	Fixing	VCID-exq5-cnrm-3uhd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2025-27219.yml	38.4.0
2026-04-16T23:22:10.347411+00:00	GitLab Importer	Fixing	VCID-h4mf-99f4-9bdw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2025-27220.yml	38.4.0
2026-04-12T00:41:17.449036+00:00	GitLab Importer	Fixing	VCID-exq5-cnrm-3uhd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2025-27219.yml	38.3.0
2026-04-12T00:41:16.288910+00:00	GitLab Importer	Fixing	VCID-h4mf-99f4-9bdw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2025-27220.yml	38.3.0
2026-04-07T04:57:10.210791+00:00	GHSA Importer	Fixing	VCID-h4mf-99f4-9bdw	https://github.com/advisories/GHSA-mhwm-jh88-3gjf	38.1.0
2026-04-07T04:57:10.072688+00:00	GHSA Importer	Fixing	VCID-exq5-cnrm-3uhd	https://github.com/advisories/GHSA-gh9q-2xrm-x6qv	38.1.0
2026-04-03T00:49:12.981156+00:00	GitLab Importer	Fixing	VCID-exq5-cnrm-3uhd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2025-27219.yml	38.1.0
2026-04-03T00:49:11.425037+00:00	GitLab Importer	Fixing	VCID-h4mf-99f4-9bdw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2025-27220.yml	38.1.0
2026-04-02T12:40:56.479519+00:00	GitLab Importer	Fixing	VCID-exq5-cnrm-3uhd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2025-27219.yml	38.0.0
2026-04-02T12:40:56.350819+00:00	GitLab Importer	Fixing	VCID-h4mf-99f4-9bdw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2025-27220.yml	38.0.0
2026-04-01T12:56:13.979297+00:00	GithubOSV Importer	Fixing	VCID-h4mf-99f4-9bdw	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-mhwm-jh88-3gjf/GHSA-mhwm-jh88-3gjf.json	38.0.0
2026-04-01T12:56:12.716141+00:00	GithubOSV Importer	Fixing	VCID-exq5-cnrm-3uhd	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-gh9q-2xrm-x6qv/GHSA-gh9q-2xrm-x6qv.json	38.0.0