vulnerability

Oracle Linux: CVE-2025-27220: ELSA-2025-4063: ruby:3.1 security update (MODERATE) (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:N/A:P)	Mar 3, 2025	Apr 23, 2025	Jul 17, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

Mar 3, 2025

Added

Apr 23, 2025

Modified

Jul 17, 2025

Description

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
A flaw was found in Ruby's CGI gem. The CGI::Util#escapeElement method is vulnerable to Regular expression Denial of Service (ReDoS), allowing a specially crafted input to cause a high CPU consumption.

Solutions

oracle-linux-upgrade-rubyoracle-linux-upgrade-ruby-bundled-gemsoracle-linux-upgrade-ruby-default-gemsoracle-linux-upgrade-ruby-develoracle-linux-upgrade-ruby-docoracle-linux-upgrade-rubygem-abrtoracle-linux-upgrade-rubygem-abrt-docoracle-linux-upgrade-rubygem-bigdecimaloracle-linux-upgrade-rubygem-bundleroracle-linux-upgrade-rubygem-io-consoleoracle-linux-upgrade-rubygem-irboracle-linux-upgrade-rubygem-jsonoracle-linux-upgrade-rubygem-minitestoracle-linux-upgrade-rubygem-mysql2oracle-linux-upgrade-rubygem-mysql2-docoracle-linux-upgrade-rubygem-pgoracle-linux-upgrade-rubygem-pg-docoracle-linux-upgrade-rubygem-power-assertoracle-linux-upgrade-rubygem-psychoracle-linux-upgrade-rubygem-rakeoracle-linux-upgrade-rubygem-rbsoracle-linux-upgrade-rubygem-rdocoracle-linux-upgrade-rubygem-rexmloracle-linux-upgrade-rubygem-rssoracle-linux-upgrade-rubygemsoracle-linux-upgrade-rubygems-develoracle-linux-upgrade-rubygem-test-unitoracle-linux-upgrade-rubygem-typeproforacle-linux-upgrade-ruby-libs

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today