/
DirectorySecurity Advisories
Sign In
Security Advisories

CGA-v2w7-gj47-p7mf

Published

Last updated

https://images.chainguard.dev/security/CGA-v2w7-gj47-p7mf
Package

ruby-3.0

RepositoryWolfi
Latest Update
Fix not planned
Aliases
  • CVE-2025-27219
  • GHSA-gh9q-2xrm-x6qv

Severity

Unknown

Summary

CGI has Denial of Service (DoS) potential in Cookie.parse

Description

There is a possibility for DoS by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27219. We recommend upgrading the cgi gem.

Details

CGI::Cookie.parse took super-linear time to parse a cookie string in some cases. Feeding a maliciously crafted cookie string into the method could lead to a Denial of Service.

Please update CGI gem to version 0.3.5.1, 0.3.7, 0.4.2 or later.

Affected versions

cgi gem versions <= 0.3.5, 0.3.6, 0.4.0 and 0.4.1.

Credits

Thanks to lio346 for discovering this issue. Also thanks to mame for fixing this vulnerability.

References

Updates

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsPricingContact UsOpen SourceCareersNewsroomLegal

Resources

Unchained BlogEventsTrust CenterDocumentation