A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
04 May 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 May 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Jan 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2023, 04:10
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
30 May 2023, 17:17
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CPE | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* |
|
First Time |
Debian debian Linux
Fedoraproject Debian Fedoraproject fedora |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T/ - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA/ - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20230526-0003/ - Third Party Advisory |
26 May 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Apr 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Apr 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Apr 2023, 04:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Apr 2023, 17:29
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.ruby-lang.org/en/downloads/releases/ - Release Notes | |
References | (MISC) https://github.com/ruby/uri/releases/ - Release Notes | |
References | (MISC) https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released/ - Release Notes | |
References | (CONFIRM) https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/ - Vendor Advisory | |
CPE | cpe:2.3:a:ruby-lang:uri:0.10.1:*:*:*:*:ruby:*:* cpe:2.3:a:ruby-lang:uri:0.12.0:*:*:*:*:ruby:*:* cpe:2.3:a:ruby-lang:uri:*:*:*:*:*:ruby:*:* cpe:2.3:a:ruby-lang:uri:0.11.0:*:*:*:*:ruby:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | CWE-1333 | |
First Time |
Ruby-lang
Ruby-lang uri |
31 Mar 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-31 04:15
Updated : 2024-05-04 03:15
NVD link : CVE-2023-28755
Mitre link : CVE-2023-28755
CVE.ORG link : CVE-2023-28755
JSON object : View
Products Affected
fedoraproject
- fedora
ruby-lang
- uri
debian
- debian_linux
CWE