Search for packages
| purl | pkg:gem/cgi@0.3.6 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-exq5-cnrm-3uhd
Aliases: CVE-2025-27219 GHSA-gh9q-2xrm-x6qv |
CGI has Denial of Service (DoS) potential in Cookie.parse There is a possibility for DoS by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27219. We recommend upgrading the cgi gem. ## Details CGI::Cookie.parse took super-linear time to parse a cookie string in some cases. Feeding a maliciously crafted cookie string into the method could lead to a Denial of Service. Please update CGI gem to version 0.3.5.1, 0.3.7, 0.4.2 or later. ## Affected versions cgi gem versions <= 0.3.5, 0.3.6, 0.4.0 and 0.4.1. ## Credits Thanks to lio346 for discovering this issue. Also thanks to mame for fixing this vulnerability. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-h4mf-99f4-9bdw
Aliases: CVE-2025-27220 GHSA-mhwm-jh88-3gjf |
CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement There is a possibility for Regular expression Denial of Service (ReDoS) by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27220. We recommend upgrading the cgi gem. ## Details The regular expression used in `CGI::Util#escapeElement` is vulnerable to ReDoS. The crafted input could lead to a high CPU consumption. This vulnerability only affects Ruby 3.1 and 3.2. If you are using these versions, please update CGI gem to version 0.3.5.1, 0.3.7, 0.4.2 or later. ## Affected versions cgi gem versions <= 0.3.5, 0.3.6, 0.4.0 and 0.4.1. ## Credits Thanks to svalkanov for discovering this issue. Also thanks to nobu for fixing this vulnerability. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||