Lucene search

K
redhatcveRedhat.comRH:CVE-2023-28755
HistoryApr 03, 2023 - 2:43 p.m.

CVE-2023-28755

2023-04-0314:43:40
redhat.com
access.redhat.com
28
rubygem
uri parser
invalid urls
redos
denial of service

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

5.6

Confidence

High

EPSS

0.005

Percentile

76.6%

A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This may result in a regular expression denial of service (ReDoS).

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

5.6

Confidence

High

EPSS

0.005

Percentile

76.6%