VYPR
Moderate severityNVD Advisory· Published Mar 3, 2025· Updated Nov 3, 2025

CVE-2025-27219

CVE-2025-27219

Description

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
cgiRubyGems
< 0.3.5.10.3.5.1
cgiRubyGems
>= 0.3.6, < 0.3.70.3.7
cgiRubyGems
>= 0.4.0, < 0.4.20.4.2

Affected products

86

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.