A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists becuse of.....
5.3CVSS
5.6AI Score
0.001EPSS
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and...
5.3CVSS
5.5AI Score
0.002EPSS
lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 authority-regex allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri and return the wrong authority. This issue is similar to but distinct from CVE-2020-8910. The regex in question....
6.1CVSS
6AI Score
0.001EPSS
decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in...
7.5CVSS
7AI Score
0.002EPSS
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package, when an attacker is able to supply arbitrary input to the "URI.expand"...
7.5CVSS
7.5AI Score
0.001EPSS
uri-js is a module that tries to fully implement RFC 3986. One of these features is validating whether or not a supplied URL is valid or not. To do this, uri-js uses a regular expression, This regular expression is vulnerable to redos. This causes the program to hang and the CPU to idle at 100%...
6.5CVSS
6.3AI Score
0.001EPSS
The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing "openuri-" followed by a crafted UID, and putting Ruby code in said directory once a meta file is...
7.8CVSS
7.6AI Score
0.0004EPSS