A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
04 May 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 May 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Jan 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
30 May 2023, 17:17
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* |
|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T/ - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20230526-0003/ - Third Party Advisory |
26 May 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Apr 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Apr 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | (MISC) https://www.ruby-lang.org/en/downloads/releases/ - Release Notes | |
References | (MISC) https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released/ - Release Notes | |
References | (MISC) https://github.com/ruby/uri/releases/ - Release Notes | |
References | (CONFIRM) https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/ - Vendor Advisory | |
CWE | CWE-1333 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:a:ruby-lang:uri:0.12.0:*:*:*:*:ruby:*:* cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:ruby:*:* cpe:2.3:a:ruby-lang:uri:0.10.1:*:*:*:*:ruby:*:* cpe:2.3:a:ruby-lang:uri:0.11.0:*:*:*:*:ruby:*:* |
31 Mar 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-31 04:15
Updated : 2024-05-04 03:15
NVD link : CVE-2023-28755
Mitre link : CVE-2023-28755
CVE.ORG link : CVE-2023-28755
JSON object : View
Products Affected
fedoraproject
- fedora
debian
- debian_linux
ruby-lang
- uri
CWE
CWE-1333
Inefficient Regular Expression Complexity