CVSS v3.x: 7.5 (High)
- ~> 0.1.1
- ~> 0.2.1
- >= 0.3.1
A buffer overflow occurs when a very large string (> 700 MB) is passed to CGI.escape_html on a platform where the long type takes 4 bytes.
Please update the cgi gem to version 0.3.1, 0.2.1, or 0.1.1 or later. You can use gem update cgi to update it. If you are using bundler, please add gem "cgi", ">= 0.3.1" to your Gemfile. Alternatively, please update Ruby to 2.7.5 or 3.0.3.
This issue was introduced in Ruby 2.7, so the cgi version bundled with Ruby 2.6 is not vulnerable.
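As an added example that is not part of the advisory, the following Ruby script maps the three patched ranges listed above onto Gem::Requirement objects and reports whether the cgi gem visible to the running Ruby, together with this platform's long size, places it in the affected set. The helper names (cgi_vulnerable?, installed_cgi_version, long_is_4_bytes?) are chosen here and are not from the cgi gem.

```ruby
require "rubygems"

# Patched version ranges, copied from the advisory.
PATCHED_CGI = [
  Gem::Requirement.new("~> 0.1.1"),
  Gem::Requirement.new("~> 0.2.1"),
  Gem::Requirement.new(">= 0.3.1"),
].freeze

# True when the given cgi gem version falls in none of the patched ranges.
# "~> 0.1.1" means >= 0.1.1 and < 0.2, so 0.1.0, 0.2.0 and 0.3.0 are
# vulnerable while 0.1.1, 0.2.1 and anything >= 0.3.1 are fixed.
def cgi_vulnerable?(version)
  v = Gem::Version.new(version.to_s)
  PATCHED_CGI.none? { |req| req.satisfied_by?(v) }
end

# Version of the cgi gem registered with RubyGems, or nil when cgi is only
# present as plain stdlib (Ruby 2.6, which the advisory says is not affected).
def installed_cgi_version
  Gem::Specification.find_by_name("cgi").version.to_s
rescue Gem::LoadError
  nil
end

# The overflow only triggers where the native long is 4 bytes;
# "l!" packs a native long, so its byte size tells us the platform width.
def long_is_4_bytes?
  [0].pack("l!").bytesize == 4
end

if $PROGRAM_NAME == __FILE__
  ver = installed_cgi_version
  if ver.nil?
    puts "cgi gem not registered (stdlib-only cgi): not affected"
  elsif cgi_vulnerable?(ver)
    puts "cgi #{ver} is in the affected range; run `gem update cgi`"
  else
    puts "cgi #{ver} is patched"
  end
  width = long_is_4_bytes? ? "4 bytes (affected platform)" : "not 4 bytes"
  puts "native long here is #{width}"
end
```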