CVE-2025-27219

{"id": "CVE-2025-27219", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-04T00:15:31.550", "references": [{"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27219.yml", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://hackerone.com/reports/2936778", "tags": ["Permissions Required"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00008.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cve@mitre.org", "description": [{"lang": "en", "value": "CWE-770"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies."}, {"lang": "es", "value": "En la gema CGI anterior a la versi\u00f3n 0.4.2 para Ruby, el m\u00e9todo CGI::Cookie.parse de la librer\u00eda CGI contiene una posible vulnerabilidad de denegaci\u00f3n de servicio (DoS). El m\u00e9todo no impone ning\u00fan l\u00edmite en la longitud del valor de cookie sin procesar que procesa. Este descuido puede provocar un consumo excesivo de recursos al analizar cookies extremadamente grandes."}], "lastModified": "2025-11-03T22:18:43.473", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:ruby:*:*", "vulnerable": true, "matchCriteriaId": "E7161F63-FEE1-4803-A460-FE87E323B05D", "versionEndExcluding": "0.3.5.1"}, {"criteria": "cpe:2.3:a:ruby-lang:cgi:*:*:*:*:*:ruby:*:*", "vulnerable": true, "matchCriteriaId": "A30117BA-C46E-44BB-A581-86E43F37D6E4", "versionEndExcluding": "0.4.2", "versionStartIncluding": "0.4.0"}, {"criteria": "cpe:2.3:a:ruby-lang:cgi:0.3.6:*:*:*:*:ruby:*:*", "vulnerable": true, "matchCriteriaId": "8AE1C5F9-0743-49A2-8292-0018FEEF81E0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}