CVE-2025-27220

MEDIUM4.0EPSS 0.25%

CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement

發布日:2025/3/3修改日:2026/4/28

描述

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.

受影響套件(4)

CVSS 分數

來源版本嚴重程度向量
osvCVSS 4.0CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
osvCVSS 3.1MEDIUM4.0CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L

參考連結(11)