Astra Linux - уязвимость в ruby2.5

In the CGI gem before version 0.4.2 for Ruby, there is a Regular Expression Denial of Service ReDoS vulnerability in the UtilescapeElement method...

EUVD-2006-5452

Malware in sbrugna...

Ubuntu: Security Advisory (USN-7442-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-7442-1 ruby2.3, ruby2.5 vulnerabilities

It was discovered that the Ruby CGI gem incorrectly handled parsing certain cookies. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. CVE-2025-27219 It was discovered that the Ruby CGI gem incorrectly handled parsing certain regular expressions...

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.

...

Linux Distros Unpatched Vulnerability : CVE-2025-27219

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does...

CVE-2025-27219

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...

CVE-2025-27219

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...

CVE-2025-27219

CVE-2025-27219 : In the CGI gem for Ruby, the CGI::Cookie.parse method (Ruby CGI library) has a Denial of Service vulnerability due to no limit on the length of the raw cookie value processed. This can lead to excessive resource consumption when parsing extremely large cookies. Connected referenc...

Internet Bug Bounty: [CVE-2025-27219] Denial of Service in CGI::Cookie.parse

A denial-of-service vulnerability was discovered in the CGI::Cookie.parse method of the Ruby cgi gem. The vulnerability was caused by the method taking super-linear time to parse a maliciously crafted cookie string. This could have led to service disruptions. The vulnerability was assigned the CV...

Important: ruby

Issue Overview: The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object. CVE-2021-33621 Affected Packages:...

Internet Bug Bounty: Ruby's CGI library has HTTP response splitting (HTTP header injection), leaking confidential information

A vulnerability was found in Ruby's CGI library that allowed an attacker to inject a malicious HTTP response header and/or body if an application used untrusted user input to generate HTTP responses. The vulnerability was fixed in version 0.3.5, 0.2.2, and 0.1.0.2 of the cgi gem...

SUSE CVE-2004-0983

The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service infinite loop and CPU consumption via a certain HTTP request...

SUSE CVE-2006-5467

The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service infinite loop and CPU consumption via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and...

Buffer Overflow

Overview cgi is a Support for the Common Gateway Interface protocol. Affected versions of this package are vulnerable to Buffer Overflow when a very large string 700 MB is passed to CGI.escapehtml on a platform where long type takes 4 bytes. Remediation Upgrade cgi to version 0.3.1, 0.2.1, 0.1.1 ...

Ruby: CGI::Cookieクラスにおけるセキュリティ上好ましくない仕様および実装

以下のCGIスクリプトについて、name、path、domainに改行、等号、改行のインジェクションが可能 !/usr/bin/env ruby require "cgi" cgi = CGI.new name = "name" path = "/" domain = "example.jp" cookie = CGI::Cookie.new'name' = name, 'value' = "value", 'domain' = domain, 'path' = path cgi.out"cookie" = cookie...

Oracle Linux 3 : ruby (ELSA-2006-0729)

From Red Hat Security Advisory 2006:0729 : Updated ruby packages that fix a denial of service issue for the CGI instance are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for...

Ruby cgi.rb Denial of Service Vulnerability

Overview The cig.rb class in Ruby cannot handle HTTP requests with MIME multipart data set with an invalid boundry, which could trigger an infinate loop and result in consuming a large amount of CPU respurces. Impact An attacker could cause a Denial of Service DoS on the Web services using cgi.rb...

CVE-2004-0983

The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service infinite loop and CPU consumption via a certain HTTP request...

CVE-2004-0983

The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service infinite loop and CPU consumption via a certain HTTP request...