cgi 0.3.4
HTTP response splitting in CGI
high severity CVE-2021-33621~> 0.1.0.2, ~> 0.2.2, >= 0.3.5
cgi.rb in Ruby through 2.6.x, through 3.0x, and through 3.1.x allows HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients.
CVE-2025-27220 - ReDoS in CGI::Util#escapeElement.
medium severity CVE-2025-27220~> 0.3.5.1, ~> 0.3.7, >= 0.4.2
There is a possibility for Regular expression Denial of Service (ReDoS) by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27220. We recommend upgrading the cgi gem.
Details
The regular expression used in CGI::Util#escapeElement is vulnerable to ReDoS. The crafted input could lead to a high CPU consumption.
This vulnerability only affects Ruby 3.1 and 3.2. If you are using these versions, please update CGI gem to version 0.3.5.1, 0.3.7, 0.4.2 or later.
Affected versions
cgi gem versions <= 0.3.5, 0.3.6, 0.4.0 and 0.4.1.
Credits
Thanks to svalkanov for discovering this issue. Also thanks to nobu for fixing this vulnerability.
CVE-2025-27219 - Denial of Service in CGI::Cookie.parse
medium severity CVE-2025-27219~> 0.3.5.1, ~> 0.3.7, >= 0.4.2
There is a possibility for DoS by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27219. We recommend upgrading the cgi gem.
Details
CGI::Cookie.parse took super-linear time to parse a cookie string in some cases. Feeding a maliciously crafted cookie string into the method could lead to a Denial of Service.
Please update CGI gem to version 0.3.5.1, 0.3.7, 0.4.2 or later.
Affected versions
cgi gem versions <= 0.3.5, 0.3.6, 0.4.0 and 0.4.1.
Credits
Thanks to lio346 for discovering this issue. Also thanks to mame for fixing this vulnerability.
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
No license issues detected.
This gem version has a license in the gemspec.
This gem version is available.
This gem version has not been yanked and is still available for usage.