VulnerableCode Package Details

Search for packages

Vulnerability	Summary	Fixed by
VCID-2yge-cajg-eke7 Aliases: CVE-2021-33621 GHSA-vc47-6rqg-c7f5	The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.	0.3.5 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-86ec-ufeg-n7et Aliases: CVE-2021-41816 GHSA-5cqm-crxm-6qpv GMS-2021-17	arbitrary code execution	0.3.2 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ey82-nbah-9bfr Aliases: CVE-2025-27219 GHSA-gh9q-2xrm-x6qv	CGI has Denial of Service (DoS) potential in Cookie.parse There is a possibility for DoS by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27219. We recommend upgrading the cgi gem. ## Details CGI::Cookie.parse took super-linear time to parse a cookie string in some cases. Feeding a maliciously crafted cookie string into the method could lead to a Denial of Service. Please update CGI gem to version 0.3.5.1, 0.3.7, 0.4.2 or later. ## Affected versions cgi gem versions <= 0.3.5, 0.3.6, 0.4.0 and 0.4.1. ## Credits Thanks to lio346 for discovering this issue. Also thanks to mame for fixing this vulnerability.	0.3.5.1 Affected by 0 other vulnerabilities. 0.3.7 Affected by 0 other vulnerabilities. 0.4.2 Affected by 0 other vulnerabilities.
VCID-gjq7-jc2d-uudy Aliases: CVE-2025-27220 GHSA-mhwm-jh88-3gjf	CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement There is a possibility for Regular expression Denial of Service (ReDoS) by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27220. We recommend upgrading the cgi gem. ## Details The regular expression used in `CGI::Util#escapeElement` is vulnerable to ReDoS. The crafted input could lead to a high CPU consumption. This vulnerability only affects Ruby 3.1 and 3.2. If you are using these versions, please update CGI gem to version 0.3.5.1, 0.3.7, 0.4.2 or later. ## Affected versions cgi gem versions <= 0.3.5, 0.3.6, 0.4.0 and 0.4.1. ## Credits Thanks to svalkanov for discovering this issue. Also thanks to nobu for fixing this vulnerability.	0.3.5.1 Affected by 0 other vulnerabilities. 0.3.7 Affected by 0 other vulnerabilities. 0.4.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-2yge-cajg-eke7
Aliases:
CVE-2021-33621
GHSA-vc47-6rqg-c7f5

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.

0.3.5
Affected by 2 other vulnerabilities.

VCID-86ec-ufeg-n7et
Aliases:
CVE-2021-41816
GHSA-5cqm-crxm-6qpv
GMS-2021-17

arbitrary code execution

0.3.2
Affected by 3 other vulnerabilities.

VCID-ey82-nbah-9bfr
Aliases:
CVE-2025-27219
GHSA-gh9q-2xrm-x6qv

CGI has Denial of Service (DoS) potential in Cookie.parse There is a possibility for DoS by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27219. We recommend upgrading the cgi gem. ## Details CGI::Cookie.parse took super-linear time to parse a cookie string in some cases. Feeding a maliciously crafted cookie string into the method could lead to a Denial of Service. Please update CGI gem to version 0.3.5.1, 0.3.7, 0.4.2 or later. ## Affected versions cgi gem versions <= 0.3.5, 0.3.6, 0.4.0 and 0.4.1. ## Credits Thanks to lio346 for discovering this issue. Also thanks to mame for fixing this vulnerability.

0.3.5.1
Affected by 0 other vulnerabilities.

0.3.7
Affected by 0 other vulnerabilities.

0.4.2
Affected by 0 other vulnerabilities.

VCID-gjq7-jc2d-uudy
Aliases:
CVE-2025-27220
GHSA-mhwm-jh88-3gjf

CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement There is a possibility for Regular expression Denial of Service (ReDoS) by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27220. We recommend upgrading the cgi gem. ## Details The regular expression used in `CGI::Util#escapeElement` is vulnerable to ReDoS. The crafted input could lead to a high CPU consumption. This vulnerability only affects Ruby 3.1 and 3.2. If you are using these versions, please update CGI gem to version 0.3.5.1, 0.3.7, 0.4.2 or later. ## Affected versions cgi gem versions <= 0.3.5, 0.3.6, 0.4.0 and 0.4.1. ## Credits Thanks to svalkanov for discovering this issue. Also thanks to nobu for fixing this vulnerability.

0.3.5.1
Affected by 0 other vulnerabilities.

0.3.7
Affected by 0 other vulnerabilities.

0.4.2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-7qzs-b3aw-myex	multiple issues	CVE-2021-41819 GHSA-4vf4-qmvg-mh7h
VCID-86ec-ufeg-n7et	arbitrary code execution	CVE-2021-41816 GHSA-5cqm-crxm-6qpv GMS-2021-17

Vulnerability

Summary

Aliases

VCID-7qzs-b3aw-myex

multiple issues

CVE-2021-41819
GHSA-4vf4-qmvg-mh7h

VCID-86ec-ufeg-n7et

arbitrary code execution

CVE-2021-41816
GHSA-5cqm-crxm-6qpv
GMS-2021-17

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T19:22:06.647422+00:00	GitLab Importer	Affected by	VCID-gjq7-jc2d-uudy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2025-27220.yml	37.0.0
2025-07-03T19:22:06.050398+00:00	GitLab Importer	Affected by	VCID-ey82-nbah-9bfr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2025-27219.yml	37.0.0
2025-07-03T18:34:45.963416+00:00	GitLab Importer	Affected by	VCID-2yge-cajg-eke7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2021-33621.yml	37.0.0
2025-07-03T18:10:06.005097+00:00	GitLab Importer	Affected by	VCID-86ec-ufeg-n7et	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2021-41816.yml	37.0.0
2025-07-03T18:08:37.533866+00:00	GitLab Importer	Fixing	VCID-7qzs-b3aw-myex	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2021-41819.yml	37.0.0
2025-07-01T18:12:30.943758+00:00	GitLab Importer	Affected by	VCID-86ec-ufeg-n7et	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2021-41816.yml	36.1.3
2025-07-01T18:12:22.074502+00:00	GitLab Importer	Fixing	VCID-7qzs-b3aw-myex	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/CVE-2021-41819.yml	36.1.3
2025-07-01T18:12:20.297713+00:00	GitLab Importer	Fixing	VCID-86ec-ufeg-n7et	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/cgi/GMS-2021-17.yml	36.1.3
2025-07-01T14:31:00.589182+00:00	GHSA Importer	Fixing	VCID-7qzs-b3aw-myex	https://github.com/advisories/GHSA-4vf4-qmvg-mh7h	36.1.3
2025-07-01T14:30:52.233729+00:00	GHSA Importer	Fixing	VCID-86ec-ufeg-n7et	https://github.com/advisories/GHSA-5cqm-crxm-6qpv	36.1.3
2025-07-01T12:23:41.443634+00:00	GithubOSV Importer	Fixing	VCID-7qzs-b3aw-myex	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-4vf4-qmvg-mh7h/GHSA-4vf4-qmvg-mh7h.json	36.1.3
2025-07-01T12:18:17.132163+00:00	GithubOSV Importer	Fixing	VCID-86ec-ufeg-n7et	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-5cqm-crxm-6qpv/GHSA-5cqm-crxm-6qpv.json	36.1.3