Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-27220

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.

Published

2025-03-04T00:15:31.693

Last Modified

2025-11-03T22:18:43.610

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.0 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-1333
  • Type: Primary
    CWE-1333
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application ruby-lang cgi < 0.3.5.1 Yes
Application ruby-lang cgi < 0.4.2 Yes
Application ruby-lang cgi 0.3.6 Yes
Application ruby-lang ruby 3.1.0 No
Application ruby-lang ruby 3.2.0 No
References