Vulnerabilities in ruby-lang
4 results

CVE-2025-27219 (MEDIUM, EPSS 0.8%)
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerabi

CVE-2025-27220 (MEDIUM, EPSS 0.7%)
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.

CVE-2026-46727 (HIGH, EPSS 0.5%)
An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handle

CVE-2025-27221 (LOW, EPSS 0.5%)
In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication cr