- Description: In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.
- Source: cve@mitre.org
- NVD status: Modified
- Products: cgi

CVSS 3.1
- Type: Primary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity: HIGH
- Hype score: Not currently trending
[CVE-2025-27219] Denial of Service in CGI::Cookie.parse | lio346 | Internet Bug Bounty | Medium | None | https://t.co/Q7f25lVTjJ #bugbounty #bugbountytips #cybersecurity #infosec https://t.co/3IlQhlDPDU
@h1Disclosed
27 Apr 2025
CVE-2025-27219 In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not … https://t.co/8Be7aTvUKT
@CVEnew
7 Mar 2025
Lambda Watchdog detected a new MEDIUM severity CVE. CVE-2025-27219 was detected in the latest AWS Lambda image scan affecting the cgi package in 2 images. Check the full report https://t.co/6EUGaPyRZk #AWS #Lambda #CVE #CloudSecurity #Serverless
@LambdaWatchdog
4 Mar 2025
CGI, Denial of Service (DoS), #CVE-2025-27219 (High) https://t.co/BWLANoW7Jt
@dailycve
3 Mar 2025
Ruby News - Security advisories: CVE-2025-27219, CVE-2025-27220 and CVE-2025-27221 https://t.co/lhGgOXB5Hx
@rubylandnews
26 Feb 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:ruby:*:*",
            "matchCriteriaId": "E7161F63-FEE1-4803-A460-FE87E323B05D",
            "versionEndExcluding": "0.3.5.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:ruby:*:*",
            "matchCriteriaId": "A30117BA-C46E-44BB-A581-86E43F37D6E4",
            "versionEndExcluding": "0.4.2",
            "versionStartIncluding": "0.4.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:ruby-lang:cgi:0.3.6:*:*:*:*:ruby:*:*",
            "matchCriteriaId": "8AE1C5F9-0743-49A2-8292-0018FEEF81E0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]