Vulnerabilities related to ruby-lang - cgi
Vulnerability from fkie_nvd
Published
2025-03-04 00:15
Modified
2025-03-05 14:58
Severity
4.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27220.yml | Third Party Advisory
cve@mitre.org | https://hackerone.com/reports/2890322 | Permissions Required
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:ruby:*:*", matchCriteriaId: "E7161F63-FEE1-4803-A460-FE87E323B05D", versionEndExcluding: "0.3.5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:ruby:*:*", matchCriteriaId: "A30117BA-C46E-44BB-A581-86E43F37D6E4", versionEndExcluding: "0.4.2", versionStartIncluding: "0.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:cgi:0.3.6:*:*:*:*:ruby:*:*", matchCriteriaId: "8AE1C5F9-0743-49A2-8292-0018FEEF81E0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "DD748C02-1E5E-4D92-9C41-2BF953874C32", vulnerable: false, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:3.2.0:*:*:*:*:*:*:*", matchCriteriaId: "8850AECE-0966-403B-A0D8-694C3ECE39D4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.", }, { lang: "es", value: "En la gema CGI anterior a 0.4.2 para Ruby, existe una vulnerabilidad de denegación de servicio de expresión regular (ReDoS) en el método Util#escapeElement.", }, ], id: "CVE-2025-27220", lastModified: "2025-03-05T14:58:14.463", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: 
"NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-03-04T00:15:31.693", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27220.yml", }, { source: "cve@mitre.org", tags: [ "Permissions Required", ], url: "https://hackerone.com/reports/2890322", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-1333", }, ], source: "cve@mitre.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-1333", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2025-03-04 00:15
Modified
2025-03-05 14:08
Severity
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27219.yml | Third Party Advisory
cve@mitre.org | https://hackerone.com/reports/2936778 | Permissions Required
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:ruby:*:*", matchCriteriaId: "E7161F63-FEE1-4803-A460-FE87E323B05D", versionEndExcluding: "0.3.5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:ruby:*:*", matchCriteriaId: "A30117BA-C46E-44BB-A581-86E43F37D6E4", versionEndExcluding: "0.4.2", versionStartIncluding: "0.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:cgi:0.3.6:*:*:*:*:ruby:*:*", matchCriteriaId: "8AE1C5F9-0743-49A2-8292-0018FEEF81E0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.", }, { lang: "es", value: "En la gema CGI anterior a la versión 0.4.2 para Ruby, el método CGI::Cookie.parse de la librería CGI contiene una posible vulnerabilidad de denegación de servicio (DoS). El método no impone ningún límite en la longitud del valor de cookie sin procesar que procesa. 
Este descuido puede provocar un consumo excesivo de recursos al analizar cookies extremadamente grandes.", }, ], id: "CVE-2025-27219", lastModified: "2025-03-05T14:08:20.493", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-03-04T00:15:31.550", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27219.yml", }, { source: "cve@mitre.org", tags: [ "Permissions Required", ], url: "https://hackerone.com/reports/2936778", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-770", }, ], source: "cve@mitre.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-770", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-01-01 06:15
Modified
2024-11-21 06:26
Summary
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
References
Impacted products
Vendor | Product | Version
---|---|---
ruby-lang | cgi | 0.1.0
ruby-lang | cgi | 0.2.0
ruby-lang | cgi | 0.3.0
ruby-lang | ruby | *
ruby-lang | ruby | *
ruby-lang | ruby | *
redhat | software_collections | -
redhat | enterprise_linux | 8.0
debian | debian_linux | 9.0
debian | debian_linux | 10.0
debian | debian_linux | 11.0
suse | linux_enterprise | 11.0
suse | linux_enterprise | 12.0
suse | linux_enterprise | 15.0
opensuse | factory | -
opensuse | leap | 15.2
fedoraproject | fedora | 34
fedoraproject | fedora | 35
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:cgi:0.1.0:*:*:*:*:ruby:*:*", matchCriteriaId: "2DEC113F-FF5D-48DC-896B-E1C8A2C76C9C", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:cgi:0.2.0:*:*:*:*:ruby:*:*", matchCriteriaId: "59B7F28D-757D-429F-88B5-7A8DAFB9BB4C", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:cgi:0.3.0:*:*:*:*:ruby:*:*", matchCriteriaId: "C8CB09D2-66DD-4E05-B9FC-F1C632C6942F", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "64AC442C-39CB-477C-9356-F36AF6762E53", versionEndIncluding: "2.6.8", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "D7B53365-0B48-4408-A4A7-9A3744F89F07", versionEndExcluding: "2.7.5", versionStartIncluding: "2.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "D4499575-33A0-47D7-A88B-0E6FD2340792", versionEndExcluding: "3.0.3", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*", matchCriteriaId: "749804DA-4B27-492A-9ABA-6BB562A6B3AC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:suse:linux_enterprise:11.0:sp1:*:*:*:*:*:*", matchCriteriaId: "4500161F-13A0-4369-B93A-778B34E7F005", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*", matchCriteriaId: "CBC8B78D-1131-4F21-919D-8AC79A410FB9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise:15.0:*:*:*:*:*:*:*", matchCriteriaId: "1607628F-77A7-4C1F-98DF-0DC50AE8627D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*", matchCriteriaId: "E29492E1-43D8-43BF-94E3-26A762A66FAA", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.", }, { lang: "es", value: "CGI::Cookie.parse en Ruby versiones hasta 2.6.8, maneja inapropiadamente los prefijos de seguridad en los nombres de las cookies. 
Esto también afecta a CGI gem versiones hasta 0.3.0 para Ruby.", }, ], id: "CVE-2021-41819", lastModified: "2024-11-21T06:26:48.883", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-01-01T06:15:07.293", references: [ { source: "cve@mitre.org", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://hackerone.com/reports/910552", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/202401-27", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220121-0003/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: 
"https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://hackerone.com/reports/910552", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202401-27", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220121-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-565", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-18 23:15
Modified
2024-11-21 06:09
Summary
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:ruby:*:*", matchCriteriaId: "CABF5DC4-7B4F-4548-B2DF-914B096246B8", versionEndExcluding: "0.1.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:ruby:*:*", matchCriteriaId: "E6B2E611-4DD9-4265-AC1E-AA10826582D2", versionEndExcluding: "0.2.2", versionStartIncluding: "0.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:ruby:*:*", matchCriteriaId: "A6DA6066-2A67-4EE2-934F-3A0CF3D66AA7", versionEndExcluding: "0.3.5", versionStartIncluding: "0.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "3553CC40-CE13-48A8-B959-0C0B96F1FAD1", versionEndExcluding: "2.7.7", versionStartIncluding: "2.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "3047B1E3-1CB1-4270-AB66-CF194AECB87E", versionEndExcluding: "3.0.5", versionStartIncluding: "3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "576D85B3-8EA3-42F8-89FE-316057C9971D", versionEndExcluding: "3.1.3", versionStartIncluding: "3.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. 
This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.", }, { lang: "es", value: "La gema cgi anterior a 0.1.0.2, 0.2.x anterior a 0.2.2 y 0.3.x anterior a 0.3.5 para Ruby permite la división de respuestas HTTP. Esto es relevante para aplicaciones que utilizan entradas de usuarios que no son de confianza, ya sea para generar una respuesta HTTP o para crear un objeto CGI::Cookie.", }, ], id: "CVE-2021-33621", lastModified: "2024-11-21T06:09:12.553", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-18T23:15:18.987", references: [ { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQR7LWED6VAPD5ATYOBZIGJQPCUBRJBX/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THVTYHHEOVLQFCFHWURZYO7PVUPBHRZD/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YACE6ORF2QBXXBK2V2CM36D7TZMEJVAS/", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/202401-27", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221228-0004/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: 
"https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQR7LWED6VAPD5ATYOBZIGJQPCUBRJBX/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THVTYHHEOVLQFCFHWURZYO7PVUPBHRZD/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YACE6ORF2QBXXBK2V2CM36D7TZMEJVAS/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202401-27", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221228-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-02-06 21:15
Modified
2024-11-21 06:26
Summary
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:ruby:*:*", matchCriteriaId: "BDC4A7B5-ED99-4BA3-A016-89134C733059", versionEndExcluding: "0.3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:ruby:*:*", matchCriteriaId: "D4772765-264E-4A9E-80A8-CA0DFFAB3E11", versionEndIncluding: "0.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "D4499575-33A0-47D7-A88B-0E6FD2340792", versionEndExcluding: "3.0.3", versionStartIncluding: "3.0.0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:ruby:*:*", matchCriteriaId: "74619D97-ACF1-4F91-A7D3-50B893FFAEBF", versionEndIncluding: "0.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", matchCriteriaId: "D7B53365-0B48-4408-A4A7-9A3744F89F07", versionEndExcluding: "2.7.5", versionStartIncluding: "2.7.0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. 
This also affects the CGI gem before 0.3.1 for Ruby.", }, { lang: "es", value: "El archivo CGI.escape_html en Ruby versiones anteriores a 2.7.5 y 3.x versiones anteriores a 3.0.3, presenta un desbordamiento de enteros y un desbordamiento de búfer resultante por medio de una cadena larga en plataformas (como Windows) donde size_t y long tienen diferentes números de bytes. Esto también afecta a CGI gem versiones anteriores a 0.3.1 para Ruby", }, ], id: "CVE-2021-41816", lastModified: "2024-11-21T06:26:48.520", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-02-06T21:15:07.887", references: [ { source: "cve@mitre.org", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://hackerone.com/reports/1328463", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/", }, { source: "cve@mitre.org", url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2021-41816", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/202401-27", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220303-0006/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://hackerone.com/reports/1328463", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2021-41816", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202401-27", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220303-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2021-33621
Vulnerability from cvelistv5
Published
2022-11-18 00:00
Modified
2024-08-03 23:58
Summary
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:58:21.531Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/", }, { name: "FEDORA-2022-ef96a58bbe", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQR7LWED6VAPD5ATYOBZIGJQPCUBRJBX/", }, { name: "FEDORA-2022-f0f6c6bec2", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YACE6ORF2QBXXBK2V2CM36D7TZMEJVAS/", }, { name: "FEDORA-2022-b9b710f199", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THVTYHHEOVLQFCFHWURZYO7PVUPBHRZD/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20221228-0004/", }, { name: "[debian-lts-announce] 20230609 [SECURITY] [DLA 3450-1] ruby2.5 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html", }, { name: "GLSA-202401-27", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. 
This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-24T05:06:28.299372", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/", }, { name: "FEDORA-2022-ef96a58bbe", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQR7LWED6VAPD5ATYOBZIGJQPCUBRJBX/", }, { name: "FEDORA-2022-f0f6c6bec2", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YACE6ORF2QBXXBK2V2CM36D7TZMEJVAS/", }, { name: "FEDORA-2022-b9b710f199", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THVTYHHEOVLQFCFHWURZYO7PVUPBHRZD/", }, { url: "https://security.netapp.com/advisory/ntap-20221228-0004/", }, { name: "[debian-lts-announce] 20230609 [SECURITY] [DLA 3450-1] ruby2.5 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html", }, { name: "GLSA-202401-27", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202401-27", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-33621", datePublished: "2022-11-18T00:00:00", dateReserved: "2021-05-28T00:00:00", dateUpdated: "2024-08-03T23:58:21.531Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-27219
Vulnerability from cvelistv5
Published
2025-03-03 00:00
Modified
2025-03-04 16:41
Summary
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-27219", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-04T16:41:05.727608Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-04T16:41:20.234Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "CGI", vendor: "ruby-lang", versions: [ { lessThan: "0.3.5.1", status: "affected", version: "0", versionType: "custom", }, { lessThan: "0.3.7", status: "affected", version: "0.3.6", versionType: "custom", }, { lessThan: "0.4.2", status: "affected", version: "0.4.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:*:*:*", versionEndExcluding: "0.3.5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:*:*:*", versionEndExcluding: "0.3.7", versionStartIncluding: "0.3.6", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:*:*:*", versionEndExcluding: "0.4.2", versionStartIncluding: "0.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], descriptions: [ { lang: "en", value: "In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. 
This oversight can lead to excessive resource consumption when parsing extremely large cookies.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770 Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-03T23:38:00.413Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://hackerone.com/reports/2936778", }, { url: "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27219.yml", }, ], x_generator: { engine: "enrichogram 0.0.1", }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2025-27219", datePublished: "2025-03-03T00:00:00.000Z", dateReserved: "2025-02-20T00:00:00.000Z", dateUpdated: "2025-03-04T16:41:20.234Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-41819
Vulnerability from cvelistv5
Published
2022-01-01 00:00
Modified
2024-08-04 03:22
Summary
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:22:24.942Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://hackerone.com/reports/910552", }, { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220121-0003/", }, { name: "FEDORA-2022-82a9edac27", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/", }, { name: "FEDORA-2022-8cf0124add", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/", }, { name: "GLSA-202401-27", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. 
This also affects the CGI gem through 0.3.0 for Ruby.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-24T05:06:40.201990", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://hackerone.com/reports/910552", }, { url: "https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/", }, { url: "https://security.netapp.com/advisory/ntap-20220121-0003/", }, { name: "FEDORA-2022-82a9edac27", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/", }, { name: "FEDORA-2022-8cf0124add", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/", }, { name: "GLSA-202401-27", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202401-27", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-41819", datePublished: "2022-01-01T00:00:00", dateReserved: "2021-09-29T00:00:00", dateUpdated: "2024-08-04T03:22:24.942Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-41816
Vulnerability from cvelistv5
Published
2022-02-06 00:00
Modified
2024-08-04 03:22
Summary
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:22:24.883Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://hackerone.com/reports/1328463", }, { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/", }, { tags: [ "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2021-41816", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220303-0006/", }, { name: "FEDORA-2022-82a9edac27", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/", }, { name: "FEDORA-2022-8cf0124add", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/", }, { name: "GLSA-202401-27", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. 
This also affects the CGI gem before 0.3.1 for Ruby.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-24T05:06:22.268245", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://hackerone.com/reports/1328463", }, { url: "https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/", }, { url: "https://security-tracker.debian.org/tracker/CVE-2021-41816", }, { url: "https://security.netapp.com/advisory/ntap-20220303-0006/", }, { name: "FEDORA-2022-82a9edac27", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN/", }, { name: "FEDORA-2022-8cf0124add", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF/", }, { name: "GLSA-202401-27", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202401-27", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-41816", datePublished: "2022-02-06T00:00:00", dateReserved: "2021-09-29T00:00:00", dateUpdated: "2024-08-04T03:22:24.883Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-27220
Vulnerability from cvelistv5
Published
2025-03-03 00:00
Modified
2025-03-04 16:40
Summary
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-27220", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-04T16:39:36.614961Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-04T16:40:22.900Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "CGI", vendor: "ruby-lang", versions: [ { lessThan: "0.3.5.1", status: "affected", version: "0", versionType: "custom", }, { lessThan: "0.3.7", status: "affected", version: "0.3.6", versionType: "custom", }, { lessThan: "0.4.2", status: "affected", version: "0.4.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:*:*:*", versionEndExcluding: "0.3.5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:*:*:*", versionEndExcluding: "0.3.7", versionStartIncluding: "0.3.6", vulnerable: true, }, { criteria: "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:*:*:*", versionEndExcluding: "0.4.2", versionStartIncluding: "0.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], descriptions: [ { lang: "en", value: "In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.", }, ], metrics: [ { cvssV3_1: { baseScore: 4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1333", description: "CWE-1333 Inefficient Regular Expression Complexity", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-03T23:46:21.977Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://hackerone.com/reports/2890322", }, { url: 
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27220.yml", }, ], x_generator: { engine: "enrichogram 0.0.1", }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2025-27220", datePublished: "2025-03-03T00:00:00.000Z", dateReserved: "2025-02-20T00:00:00.000Z", dateUpdated: "2025-03-04T16:40:22.900Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }