Commit 6847b45, 1 parent 4b6766f
4 files changed +27
-0
lines changed Original file line number Diff line number Diff line change 1
1
---
2
2
gem : cgi
3
3
cve : 2025-27219
4
+ ghsa : gh9q-2xrm-x6qv
4
5
url : https://www.cve.org/CVERecord?id=CVE-2025-27219
5
6
title : CVE-2025-27219 - Denial of Service in CGI::Cookie.parse
6
7
date : 2025-02-26
@@ -25,6 +26,7 @@ description: |
25
26
26
27
Thanks to lio346 for discovering this issue.
27
28
Also thanks to mame for fixing this vulnerability.
29
+ cvss_v3 : 5.8
28
30
patched_versions :
29
31
- " ~> 0.3.5.1"
30
32
- " ~> 0.3.7"
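Review bot: the new `cvss_v3 : 5.8` line (new line 29) is a bare score, and nothing in the visible record says which source or vector it was taken from; the record's `url` still points at cve.org while this same commit adds the `ghsa` id gh9q-2xrm-x6qv. Please say in the commit message where the score comes from, or add the matching advisory link under `related` if the file does not already have one, so the number can be re-checked later. The same applies to the 4.0 and 3.2 scores added to the CVE-2025-27220 and CVE-2025-27221 records in this commit.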
Original file line number Diff line number Diff line change 1
1
---
2
2
gem : cgi
3
3
cve : 2025-27220
4
+ ghsa : mhwm-jh88-3gjf
4
5
url : https://www.cve.org/CVERecord?id=CVE-2025-27220
5
6
title : CVE-2025-27220 - ReDoS in CGI::Util#escapeElement.
6
7
date : 2025-02-26
@@ -26,6 +27,7 @@ description: |
26
27
27
28
Thanks to svalkanov for discovering this issue.
28
29
Also thanks to nobu for fixing this vulnerability.
30
+ cvss_v3 : 4.0
29
31
patched_versions :
30
32
- " ~> 0.3.5.1"
31
33
- " ~> 0.3.7"
Original file line number Diff line number Diff line change
1
+ ---
2
+ gem : oxidized-web
3
+ cve : 2025-27590
4
+ ghsa : jx6p-9c26-g373
5
+ url : https://github.com/advisories/GHSA-jx6p-9c26-g373
6
+ title : Oxidized Web RANCID migration page allows unauthenticated
7
+ user to gain control over Linux user account
8
+ date : 2025-03-03
9
+ description : |
10
+ In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID
11
+ migration page allows an unauthenticated user to gain control
12
+ over the Linux user account that is running oxidized-web.
13
+ cvss_v3 : 9.1
14
+ patched_versions :
15
+ - " >= 0.15.0"
16
+ related :
17
+ url :
18
+ - https://nvd.nist.gov/vuln/detail/CVE-2025-27590
19
+ - https://github.com/ytti/oxidized-web/releases/tag/0.15.0
20
+ - https://github.com/ytti/oxidized-web/commit/a5220a0ddc57b85cd122bffee228d3ed4901668e
21
+ - https://github.com/advisories/GHSA-jx6p-9c26-g373
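Review bot: the last entry under `related: url:` (new line 21) repeats the advisory link already given in the top-level `url` field on new line 5, so it can be dropped. The `title` is also wrapped across new lines 6 and 7 as a multi-line plain scalar, while the other records touched in this commit keep their titles on one line; put it on a single line or quote it so the wrap cannot be misread.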
Original file line number Diff line number Diff line change 1
1
---
2
2
gem : uri
3
3
cve : 2025-27221
4
+ ghsa : 22h5-pq3x-2gf2
4
5
url : https://www.cve.org/CVERecord?id=CVE-2025-27221
5
6
title : CVE-2025-27221 - userinfo leakage in URI#join, URI#merge and URI#+.
6
7
date : 2025-02-26
@@ -29,6 +30,7 @@ description: |
29
30
30
31
Thanks to Tsubasa Irisawa (lambdasawa) for discovering this issue.
31
32
Also thanks to nobu for additional fixes of this vulnerability.
33
+ cvss_v3 : 3.2
32
34
patched_versions :
33
35
- " ~> 0.11.3"
34
36
- " ~> 0.12.4"