Fluid Attacks Database

Description

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	ruby3.1	=3.1.2-7 \|\| =3.1.2-7+deb12u1 \|\| =3.1.2-7+hurd.1 \|\| =3.1.2-8 \|\| =3.1.2-8.1~exp1 \|\| =3.1.2-8.3 \|\| =3.1.2-8.4 \|\| =3.1.2-8.5	-
debian 11	ruby2.7	=2.7.4-1 \|\| =2.7.4-1+deb11u1 \|\| =2.7.4-1+deb11u2 \|\| =2.7.4-1+deb11u3 \|\| =2.7.4-1+deb11u4 \|\| >=0 <2.7.4-1+deb11u5	2.7.4-1+deb11u5
debian 13	ruby3.3	>=0 <3.3.7-2	3.3.7-2
debian 14	ruby3.3	>=0 <3.3.7-2	3.3.7-2
rubygems	cgi	>=0 <0.3.5.1 \|\| =0.3.6 \|\| >=0.3.6 <0.3.7 \|\| >=0.4.0 <0.4.2	0.3.5.1, 0.3.7, 0.4.2
rpm rhel8	ruby	-	-
rpm rhel7	ruby	-	-
rpm rhel9	ruby	<0:3.0.7-165.el9_5	0:3.0.7-165.el9_5
rpm rhel6	ruby	-	-

Aliases

References

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.