
CVE entry, added 2022/11/18 12:00 a.m., 925 views

CVE-2021-33621

The CVE-2021-33621 entry concerns the Ruby CGI gem: HTTP response splitting in cgi-gem versions before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5. The underlying issue is in how untrusted input can affect an HTTP response or CGI::Cookie creation, enabling response-splitting exploits. Aff...

CVSS 8.8 | AI score 8.6 | EPSS 0.02287

CVE entry, added 2022/01/01 12:00 a.m., 496 views

CVE-2021-41819

CVE-2021-41819 affects Ruby and the CGI::Cookie.parse function; Ruby up to 2.6.8 (and CGI gem up to 0.3.0) mishandle security prefixes in cookie names, enabling cookie-prefix spoofing. Public advisories confirm this and list affected Ruby versions across multiple distributions (AL2, AL2 Ruby3.0 e...

CVSS 7.5 | AI score 7.5 | EPSS 0.02931

CVE entry, added 2025/03/03 12:00 a.m., 319 views

CVE-2025-27219

CVE-2025-27219: In the CGI gem for Ruby, the CGI::Cookie.parse method (Ruby CGI library) has a denial-of-service vulnerability because there is no limit on the length of the raw cookie value processed. This can lead to excessive resource consumption when parsing extremely large cookies. Connected referenc...

CVSS 7.5 | AI score 5.6 | EPSS 0.00784

CVE entry, added 2025/03/03 12:00 a.m., 287 views

CVE-2025-27220

CVE-2025-27220 affects the CGI gem in Ruby, with a Regular Expression DoS in CGI::Util#escapeElement present in versions prior to 0.4.2. Documents indicate a DoS risk due to unbounded processing of input during cookie handling; no exploit details or affected environments are provided beyond this....

CVSS 7.5 | AI score 4.3 | EPSS 0.00702

CVE entry, added 2022/02/06 12:00 a.m., 244 views

CVE-2021-41816

CVE-2021-41816 affects CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3, with an integer overflow leading to a buffer overflow on platforms where size_t and long differ (Windows). The vulnerability also affects the CGI gem up to 0.3.1. Connected advisories confirm affected Ruby 2.7 and 3...

CVSS 9.8 | AI score 9.4 | EPSS 0.04766