In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
Weakness
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cgi | Ruby-lang | * | 0.3.5.1 (excluding) |
| Cgi | Ruby-lang | 0.4.0 (including) | 0.4.2 (excluding) |
| Cgi | Ruby-lang | 0.3.6 (including) | 0.3.6 (including) |
| Red Hat Enterprise Linux 8 | RedHat | ruby:3.1-8100020250407112943.489197e6 | * |
| Red Hat Enterprise Linux 9 | RedHat | ruby-0:3.0.7-165.el9_5 | * |
| Red Hat Enterprise Linux 9 | RedHat | ruby:3.1-9050020250404144903.9 | * |
| Jruby | Ubuntu | focal | * |
| Jruby | Ubuntu | oracular | * |
| Jruby | Ubuntu | plucky | * |
| Ruby2.3 | Ubuntu | esm-infra/xenial | * |
| Ruby2.5 | Ubuntu | esm-infra/bionic | * |
| Ruby2.7 | Ubuntu | esm-infra/focal | * |
| Ruby2.7 | Ubuntu | focal | * |
| Ruby3.0 | Ubuntu | jammy | * |
| Ruby3.2 | Ubuntu | noble | * |
| Ruby3.3 | Ubuntu | devel | * |
| Ruby3.3 | Ubuntu | oracular | * |
| Ruby3.3 | Ubuntu | plucky | * |
| Ruby3.3 | Ubuntu | questing | * |
Extended Description
Attackers can create crafted inputs that
intentionally cause the regular expression to use
excessive backtracking in a way that causes the CPU
consumption to spike.