138 matches found
ROS-20230929-01
Vulnerability in the URI component of the Ruby programming language, related to improper handling of invalid URLs containing certain characters. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service Vulnerability in the...
Improper Authorization
gitLab is vulnerable to Missing Sanitization. This vulnerability exits due to the lack of validation of request URLs, allowing an attacker to include sensitive values from logged exception messages within invalid URLs, which are then logged...
Improper Authentication
GitLab is vulnerable to Missing Sanitization. This vulnerability exits due to the lack of validation of request URLs, allowing an attacker to include sensitive values from logged exception messages within invalid URLs, which are then logged...
The vulnerability of the Ruby programming language’s URI component lies in the use of a regular expression c, which has an inefficient computational cost. This allows attackers to trigger a service failure.
The vulnerability of the Ruby programming language’s URI component is related to the incorrect handling of invalid URL addresses. Exploiting this vulnerability allows a remote attacker to cause service failures...
CVE-2023-36617
A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This issue may result in a regular expression denial of service ReDoS...
SUSE CVE-2023-36617
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396parser.rb and rfc3986parser.rb. NOTE: this issue exists becuse of a...
UBUNTU-CVE-2023-36617
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396parser.rb and rfc3986parser.rb. NOTE: this issue exists becuse of a...
Ruby 安全漏洞
Ruby is a cross-platform, object-oriented, dynamically typed programming language from the individual developer, Yukihiro Matsumoto. A security vulnerability exists in Ruby versions prior to 0.12.2, which stems from a ReDoS issue found in the URI component, where the URI parser incorrectly handle...
CVE-2023-36617
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396parser.rb and rfc3986parser.rb. NOTE: this issue exists becuse of a...
ruby: ReDoS vulnerability in URI
A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This may result in a regular expression denial of service ReDoS...
CVE-2023-28755
A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This may result in a regular expression denial of service ReDoS...
Ruby URI component ReDoS issue
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1...
GHSA-FG7X-G82R-94QC Ruby Time component ReDoS issue
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2...
ALPINE-CVE-2023-28756
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2...
SUSE CVE-2023-28756
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2...
CVE-2023-28755
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1...
CVE-2023-28756
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2...
SUSE CVE-2023-28755
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS such that the URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. Details Denial of Service DoS describ...
PT-2023-2261 · Time +12 · Time +12
Name of the Vulnerable Software and Affected Versions: Time component versions through 0.2.1 Ruby versions through 3.2.1 Description: A ReDoS issue was discovered in the Time component, where the Time parser mishandles invalid URLs with specific characters, causing an increase in execution time f...