VulnerableCode Package Details - pkg:gem/cgi@0.1.0.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-ey82-nbah-9bfr Aliases: CVE-2025-27219 GHSA-gh9q-2xrm-x6qv	CGI has Denial of Service (DoS) potential in Cookie.parse There is a possibility for DoS by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27219. We recommend upgrading the cgi gem. ## Details CGI::Cookie.parse took super-linear time to parse a cookie string in some cases. Feeding a maliciously crafted cookie string into the method could lead to a Denial of Service. Please update CGI gem to version 0.3.5.1, 0.3.7, 0.4.2 or later. ## Affected versions cgi gem versions <= 0.3.5, 0.3.6, 0.4.0 and 0.4.1. ## Credits Thanks to lio346 for discovering this issue. Also thanks to mame for fixing this vulnerability.	0.3.5.1 Affected by 0 other vulnerabilities. 0.3.7 Affected by 0 other vulnerabilities. 0.4.2 Affected by 0 other vulnerabilities.
VCID-gjq7-jc2d-uudy Aliases: CVE-2025-27220 GHSA-mhwm-jh88-3gjf	CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement There is a possibility for Regular expression Denial of Service (ReDoS) by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27220. We recommend upgrading the cgi gem. ## Details The regular expression used in `CGI::Util#escapeElement` is vulnerable to ReDoS. The crafted input could lead to a high CPU consumption. This vulnerability only affects Ruby 3.1 and 3.2. If you are using these versions, please update CGI gem to version 0.3.5.1, 0.3.7, 0.4.2 or later. ## Affected versions cgi gem versions <= 0.3.5, 0.3.6, 0.4.0 and 0.4.1. ## Credits Thanks to svalkanov for discovering this issue. Also thanks to nobu for fixing this vulnerability.	0.3.5.1 Affected by 0 other vulnerabilities. 0.3.7 Affected by 0 other vulnerabilities. 0.4.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-ey82-nbah-9bfr
Aliases:
CVE-2025-27219
GHSA-gh9q-2xrm-x6qv

CGI has Denial of Service (DoS) potential in Cookie.parse There is a possibility for DoS by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27219. We recommend upgrading the cgi gem. ## Details CGI::Cookie.parse took super-linear time to parse a cookie string in some cases. Feeding a maliciously crafted cookie string into the method could lead to a Denial of Service. Please update CGI gem to version 0.3.5.1, 0.3.7, 0.4.2 or later. ## Affected versions cgi gem versions <= 0.3.5, 0.3.6, 0.4.0 and 0.4.1. ## Credits Thanks to lio346 for discovering this issue. Also thanks to mame for fixing this vulnerability.

0.3.5.1
Affected by 0 other vulnerabilities.

0.3.7
Affected by 0 other vulnerabilities.

0.4.2
Affected by 0 other vulnerabilities.

VCID-gjq7-jc2d-uudy
Aliases:
CVE-2025-27220
GHSA-mhwm-jh88-3gjf

CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement There is a possibility for Regular expression Denial of Service (ReDoS) by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27220. We recommend upgrading the cgi gem. ## Details The regular expression used in `CGI::Util#escapeElement` is vulnerable to ReDoS. The crafted input could lead to a high CPU consumption. This vulnerability only affects Ruby 3.1 and 3.2. If you are using these versions, please update CGI gem to version 0.3.5.1, 0.3.7, 0.4.2 or later. ## Affected versions cgi gem versions <= 0.3.5, 0.3.6, 0.4.0 and 0.4.1. ## Credits Thanks to svalkanov for discovering this issue. Also thanks to nobu for fixing this vulnerability.

0.3.5.1
Affected by 0 other vulnerabilities.

0.3.7
Affected by 0 other vulnerabilities.

0.4.2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-7qzs-b3aw-myex	multiple issues	CVE-2021-41819 GHSA-4vf4-qmvg-mh7h
VCID-86ec-ufeg-n7et	arbitrary code execution	CVE-2021-41816 GHSA-5cqm-crxm-6qpv GMS-2021-17

Vulnerability

Summary

Aliases

VCID-7qzs-b3aw-myex

multiple issues

CVE-2021-41819
GHSA-4vf4-qmvg-mh7h

VCID-86ec-ufeg-n7et

arbitrary code execution

CVE-2021-41816
GHSA-5cqm-crxm-6qpv
GMS-2021-17

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T19:22:06.628963+00:00	GitLab Importer	Affected by	VCID-gjq7-jc2d-uudy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2025-27220.yml	37.0.0
2025-07-03T19:22:06.031110+00:00	GitLab Importer	Affected by	VCID-ey82-nbah-9bfr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2025-27219.yml	37.0.0
2025-07-01T14:31:00.568348+00:00	GHSA Importer	Fixing	VCID-7qzs-b3aw-myex	https://github.com/advisories/GHSA-4vf4-qmvg-mh7h	36.1.3
2025-07-01T14:30:52.262313+00:00	GHSA Importer	Fixing	VCID-86ec-ufeg-n7et	https://github.com/advisories/GHSA-5cqm-crxm-6qpv	36.1.3
2025-07-01T12:23:41.524081+00:00	GithubOSV Importer	Fixing	VCID-7qzs-b3aw-myex	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-4vf4-qmvg-mh7h/GHSA-4vf4-qmvg-mh7h.json	36.1.3
2025-07-01T12:18:17.248757+00:00	GithubOSV Importer	Fixing	VCID-86ec-ufeg-n7et	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-5cqm-crxm-6qpv/GHSA-5cqm-crxm-6qpv.json	36.1.3