A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.
References
Link | Resource |
---|---|
https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127 | Patch Vendor Advisory |
Configurations
History
16 Feb 2023, 20:18
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-1333 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:a:rubyonrails:globalid:*:*:*:*:*:ruby:*:* | |
First Time |
Rubyonrails globalid
Rubyonrails |
|
References | (MISC) https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127 - Patch, Vendor Advisory |
09 Feb 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-09 20:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-22799
Mitre link : CVE-2023-22799
CVE.ORG link : CVE-2023-22799
JSON object : View
Products Affected
rubyonrails
- globalid