Lucene search

GoogleOSV:GHSA-HV5J-3H9F-99C2

HistoryMar 31, 2023 - 6:30 a.m.

Ruby URI component ReDoS issue

2023-03-3106:30:15

Google

osv.dev

0.002 Low

EPSS

Percentile

60.5%

JSON

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.

CPENameOperatorVersion
urieq0.10.1
urieq0.12.0
urieq0.11.0
urieq0.10.0

Name	Operator	Version
uri	eq	0.10.1
uri	eq	0.12.0
uri	eq	0.11.0
uri	eq	0.10.0

References

github.com/ruby/uri

github.com/ruby/uri/releases

github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2023-28755.yml

lists.debian.org/debian-lts-announce/2023/04/msg00033.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27LUWREIFTP3MQAW7QE4PJM4DPAQJWXF

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QA6XUKUY7B5OLNQBLHOT43UW7C5NIOQQ

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z

lists.fedoraproject.org/archives/list/[email protected]/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA

lists.fedoraproject.org/archives/list/[email protected]/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T

lists.fedoraproject.org/archives/list/[email protected]/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z

nvd.nist.gov/vuln/detail/CVE-2023-28755

security.gentoo.org/glsa/202401-27

security.netapp.com/advisory/ntap-20230526-0003

www.ruby-lang.org/en/downloads/releases

www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released

www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755

0.002 Low

EPSS

Percentile

60.5%

JSON

Related for OSV:GHSA-HV5J-3H9F-99C2