[CVE-2025-27219] Denial of Service in CGI::Cookie.parse

Disclosed: 2025-04-27 14:27:52 By lio346 To ibb
Medium
Vulnerability Details
Hi, I made a report in #2936778.

Advisory: https://www.ruby-lang.org/en/news/2025/02/26/security-advisories/

## Details

`CGI::Cookie.parse` took super-linear time to parse a cookie string in some cases. Feeding a maliciously crafted cookie string into the method could lead to a Denial of Service.

## Impact

An attacker could make a Denial of Service vulnerability that causes service disruptions and increased costs.
Report Stats
  • Report ID: 3013913
  • State: Closed
  • Substate: resolved
  • Upvotes: 1