CVE-2023-28755
31.03.2023, 04:15
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.Enginsight
| Vendor | Product | Version |
|---|---|---|
| ruby-lang | uri | 𝑥 ≤ 0.10.0 |
| ruby-lang | uri | 0.10.1 |
| ruby-lang | uri | 0.11.0 |
| ruby-lang | uri | 0.12.0 |
| debian | debian_linux | 10.0 |
𝑥
= Vulnerable software versions
Debian Releases
Debian Product | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| jruby |
| ||||||||||
| ruby2.7 |
| ||||||||||
| ruby3.1 |
| ||||||||||
| rubygems |
|
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| jruby |
| ||||||||||||||||||||
| ruby1.9.1 |
| ||||||||||||||||||||
| ruby2.0 |
| ||||||||||||||||||||
| ruby2.3 |
| ||||||||||||||||||||
| ruby2.5 |
| ||||||||||||||||||||
| ruby2.7 |
| ||||||||||||||||||||
| ruby3.0 |
| ||||||||||||||||||||
| ruby3.1 |
| ||||||||||||||||||||
| rubygems |
|
Common Weakness Enumeration
References