Lucene search
+L

138 matches found

Redos
Redos
added 2023/10/03 12:0 a.m.51 views

ROS-20230929-01

Vulnerability in the URI component of the Ruby programming language, related to improper handling of invalid URLs containing certain characters. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service Vulnerability in the...

7.5CVSS5.6AI score0.05533EPSS
Exploits0
Veracode
Veracode
added 2023/07/22 11:40 p.m.21 views

Improper Authorization

gitLab is vulnerable to Missing Sanitization. This vulnerability exits due to the lack of validation of request URLs, allowing an attacker to include sensitive values from logged exception messages within invalid URLs, which are then logged...

5.3CVSS6.8AI score0.00537EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2023/07/22 11:22 p.m.19 views

Improper Authentication

GitLab is vulnerable to Missing Sanitization. This vulnerability exits due to the lack of validation of request URLs, allowing an attacker to include sensitive values from logged exception messages within invalid URLs, which are then logged...

6.5CVSS6.5AI score0.01129EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/07/20 12:0 a.m.5 views

The vulnerability of the Ruby programming language’s URI component lies in the use of a regular expression c, which has an inefficient computational cost. This allows attackers to trigger a service failure.

The vulnerability of the Ruby programming language’s URI component is related to the incorrect handling of invalid URL addresses. Exploiting this vulnerability allows a remote attacker to cause service failures...

5.3CVSS6.7AI score0.02637EPSS
Exploits0References16Affected Software6
RedhatCVE
RedhatCVE
added 2023/07/13 11:36 a.m.49 views

CVE-2023-36617

A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This issue may result in a regular expression denial of service ReDoS...

5.3CVSS6.8AI score0.02637EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/07/01 1:27 a.m.3 views

SUSE CVE-2023-36617

A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396parser.rb and rfc3986parser.rb. NOTE: this issue exists becuse of a...

7.5CVSS6.9AI score0.01698EPSS
Exploits0References3
OSV
OSV
added 2023/06/29 1:15 p.m.13 views

UBUNTU-CVE-2023-36617

A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396parser.rb and rfc3986parser.rb. NOTE: this issue exists becuse of a...

5.3CVSS6.5AI score0.01698EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/06/29 12:0 a.m.2 views

Ruby 安全漏洞

Ruby is a cross-platform, object-oriented, dynamically typed programming language from the individual developer, Yukihiro Matsumoto. A security vulnerability exists in Ruby versions prior to 0.12.2, which stems from a ReDoS issue found in the URI component, where the URI parser incorrectly handle...

5.3CVSS7.4AI score0.01698EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2023/06/29 12:0 a.m.32 views

CVE-2023-36617

A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396parser.rb and rfc3986parser.rb. NOTE: this issue exists becuse of a...

5.3CVSS6.3AI score0.01698EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2023/05/24 8:59 a.m.4 views

ruby: ReDoS vulnerability in URI

A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This may result in a regular expression denial of service ReDoS...

5.3CVSS7.3AI score0.02637EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2023/04/03 2:43 p.m.39 views

CVE-2023-28755

A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This may result in a regular expression denial of service ReDoS...

5.3CVSS5.6AI score0.02637EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/03/31 6:30 a.m.33 views

Ruby URI component ReDoS issue

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1...

5.3CVSS7.5AI score0.02637EPSS
Exploits0References21Affected Software1
OSV
OSV
added 2023/03/31 6:30 a.m.32 views

GHSA-FG7X-G82R-94QC Ruby Time component ReDoS issue

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2...

7.5CVSS7.2AI score0.02452EPSS
Exploits0References17
OSV
OSV
added 2023/03/31 4:15 a.m.4 views

ALPINE-CVE-2023-28756

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2...

5.3CVSS7.2AI score0.02452EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/03/31 1:57 a.m.1 views

SUSE CVE-2023-28756

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2...

6.5CVSS6.9AI score0.02452EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2023/03/31 12:0 a.m.9 views

CVE-2023-28755

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1...

5.6AI score0.02637EPSS
Exploits0References12
Cvelist
Cvelist
added 2023/03/31 12:0 a.m.25 views

CVE-2023-28756

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2...

6AI score0.02452EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/03/30 1:44 a.m.14 views

SUSE CVE-2023-28755

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1...

5.3CVSS6.9AI score0.02637EPSS
Exploits0References8
Snyk
Snyk
added 2023/03/28 11:18 a.m.4 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS such that the URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. Details Denial of Service DoS describ...

5.3CVSS6.9AI score0.02637EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/21 12:0 a.m.4 views

PT-2023-2261 · Time +12 · Time +12

Name of the Vulnerable Software and Affected Versions: Time component versions through 0.2.1 Ruby versions through 3.2.1 Description: A ReDoS issue was discovered in the Time component, where the Time parser mishandles invalid URLs with specific characters, causing an increase in execution time f...

9.8CVSS6.3AI score0.0576EPSS
Exploits7References203
Rows per page
Query Builder