Цены Enterprise

CVE-2025-27220

4.0MEDIUM

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.

Опубликовано: 3/4/2025Обновлено: 11/3/2025

Посмотреть на NVD Посмотреть на MITRE

Описание

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.

ИИ-АнализНа базе ИИ

Затронутые продукты

ruby-langcgi

ruby-langcgi

ruby-langcgi

0.3.6

ruby-langruby

3.1.0

ruby-langruby

3.2.0

Ссылки

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27220.yml
Third Party Advisory
https://hackerone.com/reports/2890322
Permissions Required
https://lists.debian.org/debian-lts-announce/2025/03/msg00008.html