cgi

RubyGems4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting cgipage 1 of 1

CVE-2021-33621HIGHCVSS 8.8EG 8.8✓ Fixed in 0.1.0.2
2022-11-18
vulnerable: 0.1.0, 0.1.0.1
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie o…
CVE-2021-41816CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.1.0.1
2022-02-06
vulnerable: 0.1.0
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the C…
CVE-2021-41819HIGHCVSS 7.5EG 7.5✓ Fixed in 0.1.0.1
2022-01-01
vulnerable: 0.1.0
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
CVE-2025-27220MEDIUMCVSS 4.0EG 4.0✓ Fixed in 0.3.5.1
2025-03-04
vulnerable: 0.1.0 ... 0.3.5 (13 versions)
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.

Check whether cgi is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for cgi CVEs against the assets you own.

Start Free Scan →