Lucene search
Gentoo FoundationMGASA-2023-0291HistoryOct 20, 2023 - 11:34 a.m.
Updated ruby-RedCloth packages fix a security vulnerability
2023-10-2011:34:20
Gentoo Foundation
advisories.mageia.org
19
ruby redcloth redos
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
46.7%
A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. (CVE-2023-31606)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 8 | noarch | ruby-redcloth | < 4.3.2-5.1 | ruby-RedCloth-4.3.2-5.1.mga8 |
| Mageia | 9 | noarch | ruby-redcloth | < 4.3.2-7.1 | ruby-RedCloth-4.3.2-7.1.mga9 |
Related
osv
osv
ruby-redcloth - security update
2023-07-06 00:00:00
RedCloth Regular Expression Denial of Service issue
2023-06-06 18:30:20
CVE-2023-31606
2023-06-06 17:15:14
ubuntu
ubuntu
RedCloth vulnerability
2023-09-12 00:00:00
nvd
nvd
CVE-2023-31606
2023-06-06 17:15:14
nessus
nessus
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : RedCloth vulnerability (USN-6358-1)
2023-09-12 00:00:00
GLSA-202401-14 : RedCloth: ReDoS Vulnerability
2024-01-10 00:00:00
Debian DLA-3480-1 : ruby-redcloth - LTS security update
2023-07-18 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2023-0291)
2023-10-20 00:00:00
Debian: Security Advisory (DLA-3480-1)
2023-07-18 00:00:00
Ubuntu: Security Advisory (USN-6358-1)
2023-09-13 00:00:00
ubuntucve
ubuntucve
CVE-2023-31606
2023-06-06 00:00:00
redhatcve
redhatcve
CVE-2023-31606
2023-07-20 19:44:11
cvelist
cvelist
CVE-2023-31606
2023-06-06 00:00:00
gitlab
gitlab
Inefficient Regular Expression Complexity
2023-06-06 00:00:00
github
github
RedCloth Regular Expression Denial of Service issue
2023-06-06 18:30:20
debiancve
debiancve
CVE-2023-31606
2023-06-06 17:15:14
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2023-06-08 09:02:05
prion
prion
Design/Logic Flaw
2023-06-06 17:15:00
gentoo
gentoo
RedCloth: ReDoS Vulnerability
2024-01-10 00:00:00
debian
debian
[SECURITY] [DLA 3480-1] ruby-redcloth security update
2023-07-06 22:09:03
rubygems
rubygems
RedCloth Regular Expression Denial of Service issue
2023-06-05 21:00:00
cve
cve
CVE-2023-31606
2023-06-06 17:15:14
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
46.7%
Related for MGASA-2023-0291