CVE-2025-27220

Опубликовано: 04 мар. 2025

Источник: debian

EPSS Низкий

Описание

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.

Пакет	Статус	Версия исправления	Релиз	Тип
ruby3.3	fixed	3.3.7-2		package
ruby3.1	removed			package
ruby3.1	no-dsa		bookworm	package
ruby2.7	removed			package

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27220.yml
https://github.com/ruby/cgi/commit/cd1eb08076c8b8e310d4d553d427763f2577a1b6 (v0.4.2)
https://github.com/ruby/cgi/pull/52

EPSS

Процентиль: 33%

0.00126

Низкий

CVE-2025-27220

CVSS3: 4

ubuntu

4 месяца назад

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.

CVE-2025-27220

CVSS3: 5.3

redhat

4 месяца назад

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.

CVE-2025-27220

CVSS3: 4

nvd

4 месяца назад

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.

CVE-2025-27220

CVSS3: 7.5

msrc

3 месяца назад

Описание отсутствует

GHSA-mhwm-jh88-3gjf

CVSS3: 4

github

4 месяца назад

CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement

EPSS

Процентиль: 33%

0.00126

Низкий