Ruby CGI Gem Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the CGI gem for Ruby, affecting versions prior to 0.4.2. The CGI::Cookie.parse method does not limit the length of the raw cookie string it processes, so a client that sends an extremely large Cookie header can make the server spend excessive CPU and memory parsing it. Note that cgi is a default gem bundled with Ruby, so an application can be using it through a framework without listing it in its Gemfile; check the installed version with `gem list cgi` and upgrade to 0.4.2 or later.
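The missing check is a size bound applied before any per-cookie work is done. The following is an added example, not code from the cgi gem or this advisory: a bounded parser that returns the same `{ name => [values] }` shape as CGI::Cookie.parse but rejects an oversized header in constant time. The limits `MAX_RAW_COOKIE_BYTES` and `MAX_COOKIE_PAIRS`, the `CookieTooLarge` error class and the sample headers are all assumptions chosen for illustration; `URI.decode_www_form_component` from the standard library stands in for CGI.unescape so the example runs without the cgi gem.

```ruby
require 'uri'

# Assumed limits for this example; tune them to what the application needs.
MAX_RAW_COOKIE_BYTES = 4096   # whole Cookie header value
MAX_COOKIE_PAIRS     = 64     # name=value pairs per request

class CookieTooLarge < ArgumentError; end

# Parses a raw Cookie header into { name => [values] }, the shape
# CGI::Cookie.parse returns, but checks the size of the input before
# splitting or unescaping anything, so an attacker-sized header costs
# one bytesize call instead of a full parse.
def parse_cookie_header_bounded(raw_cookie,
                                max_bytes: MAX_RAW_COOKIE_BYTES,
                                max_pairs: MAX_COOKIE_PAIRS)
  cookies = {}
  return cookies if raw_cookie.nil? || raw_cookie.empty?

  if raw_cookie.bytesize > max_bytes
    raise CookieTooLarge,
          "Cookie header is #{raw_cookie.bytesize} bytes, limit #{max_bytes}"
  end

  pairs = raw_cookie.split(/;\s*/)
  if pairs.length > max_pairs
    raise CookieTooLarge,
          "Cookie header has #{pairs.length} pairs, limit #{max_pairs}"
  end

  pairs.each do |pair|
    name, value = pair.split('=', 2)
    next if name.nil? || name.empty? || value.nil?
    name = name.strip
    # CGI::Cookie treats '&' inside a value as a multi-value separator.
    value.split('&').each do |v|
      (cookies[name] ||= []) << URI.decode_www_form_component(v)
    end
  end
  cookies
end

# Constructed sample inputs: an ordinary header and an oversized one.
NORMAL_HEADER = "session=abc123; theme=dark; tags=a%20b&c"
HUGE_HEADER   = "x=" + ("A" * 1_000_000)

# Returns [parsed normal header, whether the huge header was rejected].
def demo
  parsed = parse_cookie_header_bounded(NORMAL_HEADER)
  rejected = begin
    parse_cookie_header_bounded(HUGE_HEADER)
    false
  rescue CookieTooLarge
    true
  end
  [parsed, rejected]
end

if __FILE__ == $0
  parsed, rejected = demo
  puts "parsed: #{parsed.inspect}"
  puts "oversized header rejected: #{rejected}"
end
```

In an application that keeps using the gem, the same bytesize check can be applied to the raw Cookie header (for example in Rack middleware) before CGI::Cookie.parse ever sees it; that is a mitigation, and upgrading to cgi 0.4.2 or later remains the actual fix.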

Impact

Any client able to reach an application that parses cookies with a vulnerable CGI::Cookie.parse can send a crafted, very large Cookie header and cause excessive CPU and memory consumption, potentially making the service unresponsive to other users.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread         6.6
impact         2.5
exploitability 4.7
remediation    0.0
relevance      0.0
threat         0.0
urgency        2.9
incentive      1.7

Our algorithm analyzes dozens of metrics to generate these eight vulnerability categories, which are then combined to calculate the overall risk score.