Lucene search
K

109 matches found

CVE
CVE
added 2025/03/03 12:0 a.m.326 views

CVE-2025-27219

CVE-2025-27219 : In the CGI gem for Ruby, the CGI::Cookie.parse method (Ruby CGI library) has a Denial of Service vulnerability due to no limit on the length of the raw cookie value processed. This can lead to excessive resource consumption when parsing extremely large cookies. Connected referenc...

7.5CVSS5.6AI score0.00784EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/03 12:0 a.m.7 views

CVE-2025-27219

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...

5.8CVSS5.5AI score0.00784EPSS
Exploits0References2
CVE
CVE
added 2025/03/03 12:0 a.m.292 views

CVE-2025-27220

CVE-2025-27220 affects the CGI gem in Ruby, with a Regular Expression DoS in CGI::Util#escapeElement present in versions prior to 0.4.2. Documents indicate a DoS risk due to unbounded processing of input during cookie handling; no exploit details or affected environments are provided beyond this....

7.5CVSS4.3AI score0.00702EPSS
Exploits0References3Affected Software1
RubySec
RubySec
added 2025/02/26 12:0 a.m.31 views

CVE-2025-27220 - ReDoS in CGI::Util#escapeElement.

There is a possibility for Regular expression Denial of Service ReDoS by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27220. We recommend upgrading the cgi gem. Details The regular expression used in CGI::UtilescapeElement is vulnerable to ReDoS. The crafted...

7.5CVSS7AI score0.00702EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/02/26 12:0 a.m.15 views

CVE-2025-27219 - Denial of Service in CGI::Cookie.parse

There is a possibility for DoS by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27219. We recommend upgrading the cgi gem. Details CGI::Cookie.parse took super-linear time to parse a cookie string in some cases. Feeding a maliciously crafted cookie string into t...

7.5CVSS7.1AI score0.00784EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/02/26 12:0 a.m.8 views

PT-2025-8695

Name of the Vulnerable Software and Affected Versions CGI gem versions prior to 0.4.2 Description A Regular Expression Denial of Service ReDoS vulnerability exists in the UtilescapeElement method. This issue can lead to high CPU consumption due to crafted input. The vulnerability affects Ruby...

8.7CVSS6.9AI score0.02064EPSS
Exploits1References133
OSV
OSV
added 2025/01/27 7:20 a.m.22 views

BIT-RUBY-MIN-2021-33621

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object...

8.8CVSS8.6AI score0.02287EPSS
Exploits1References9
OSV
OSV
added 2025/01/27 7:20 a.m.10 views

BIT-RUBY-MIN-2021-41819

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

7.5CVSS8.1AI score0.02931EPSS
Exploits1References7
Redos
Redos
added 2024/09/18 12:0 a.m.19 views

ROS-20240918-01

A vulnerability in the CGI::Cookie.parse function of the Ruby programming language is related to incorrect processing of security prefixes in cookie names. security prefixes in cookie names. Exploitation of the vulnerability allows an attacker, acting remotely, to affect data integrity...

9.8CVSS8.1AI score0.04766EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2024/04/05 12:0 a.m.30 views

Rocky Linux 9 : ruby:3.1 (RLSA-2024:1576)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1576 advisory. - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that...

8.8CVSS8.1AI score0.02637EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2024/04/03 12:0 a.m.50 views

AlmaLinux 9 : ruby:3.1 (ALSA-2024:1576)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1576 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS vulnerability - upstream's...

8.8CVSS7.8AI score0.02637EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2024/04/02 12:0 a.m.46 views

Oracle Linux 9 : ruby:3.1 (ELSA-2024-1576)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1576 advisory. ruby 3.1.4-143 - Upgrade to Ruby 3.1.4. Resolves: RHEL-5586 - Fix HTTP response splitting in CGI. Resolves: RHEL-5591 - Fix ReDos vulnerability in URI...

8.8CVSS7.9AI score0.02637EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2024/04/01 12:0 a.m.36 views

RHEL 9 : ruby:3.1 (RHSA-2024:1576)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1576 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

8.8CVSS7.9AI score0.02637EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2024/03/21 12:0 a.m.39 views

AlmaLinux 8 : ruby:3.1 (ALSA-2024:1431)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1431 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS vulnerability - upstream's...

8.8CVSS7.8AI score0.02637EPSS
Exploits1References5
Amazon
Amazon
added 2024/03/18 12:0 a.m.60 views

Important: ruby

Issue Overview: The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object. CVE-2021-33621 Affected Packages:...

8.8CVSS9.1AI score0.02287EPSS
Exploits1
Amazon
Amazon
added 2024/03/18 12:0 a.m.5 views

Important: ruby

Issue Overview: The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object. CVE-2021-33621 Affected Packages:...

8.8CVSS6.9AI score0.02287EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/03/18 12:0 a.m.28 views

Amazon Linux 2 : ruby (ALAS-2024-2503)

The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2503 advisory. The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant ...

8.8CVSS7.2AI score0.02287EPSS
Exploits1References4
OSV
OSV
added 2024/03/06 11:5 a.m.74 views

BIT-RUBY-2021-33621

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object...

8.8CVSS8.8AI score0.02287EPSS
Exploits1References9
OSV
OSV
added 2024/03/06 11:4 a.m.31 views

BIT-RUBY-2021-41819

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

7.5CVSS7.8AI score0.02931EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2024/01/24 12:0 a.m.31 views

GLSA-202401-27 : Ruby: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202401-27 Ruby: Multiple vulnerabilities - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header...

9.8CVSS8.1AI score0.04766EPSS
Exploits6References18
Rows per page
Query Builder