Vulnerability Monitor


CVE-2025-27219


In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.


Published

2025-03-04T00:15:31.550

Last Modified

2025-03-05T14:08:20.493

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.8 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-770
  • Type: Primary
    CWE-770

Affected Vendors & Products
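| Type        | Vendor    | Product | Version/Range | Vulnerable? |
|-------------|-----------|---------|---------------|-------------|
| Application | ruby-lang | cgi     | < 0.3.5.1     | Yes         |
| Application | ruby-lang | cgi     | < 0.4.2       | Yes         |
| Application | ruby-lang | cgi     | 0.3.6         | Yes         |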
