3333 matches found

Tenable Nessus
added 2023/06/29 12:00 a.m. · 43 views

AlmaLinux 8 : ruby:2.7 (ALSA-2023:3821)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:3821 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS vulnerability in Time CVE-2023-287...

CVSS 8.8 · AI score 7.8 · EPSS 0.02637
Exploits 1 · References 4
RubySec
added 2023/06/29 12:00 a.m. · 39 views

ReDoS vulnerability in URI

We have released the uri gem version 0.12.2, 0.10.3 that has a security fix for a ReDoS vulnerability. This vulnerability has been assigned the CVE identifier CVE-2023-36617. Details A ReDoS issue was discovered in the URI component through 0.12.1 for Ruby. The URI parser mishandles invalid URLs...

CVSS 5.3 · AI score 7 · EPSS 0.01533
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2023/06/29 12:00 a.m. · 2 views

Ruby security vulnerability

Ruby is a cross-platform, object-oriented, dynamically typed programming language from the individual developer, Yukihiro Matsumoto. A security vulnerability exists in Ruby versions prior to 0.12.2, which stems from a ReDoS issue found in the URI component, where the URI parser incorrectly handle...

CVSS 5.3 · AI score 7.4 · EPSS 0.01533
Exploits 0 · References 3
CVE
added 2023/06/29 12:00 a.m. · 476 views

CVE-2023-36617

CVE-2023-36617 is a ReDoS in Ruby’s URI parser prior to 0.12.2, where invalid URLs containing specific characters trigger significantly longer parsing times via rfc2396_parser.rb and rfc3986_parser.rb. This stems from an incomplete fix related to CVE-2023-28755; 0.10.3 is also listed as a fixed v...

CVSS 5.3 · AI score 5.8 · EPSS 0.01533
Exploits 0 · References 6 · Affected Software 1
Cvelist
added 2023/06/29 12:00 a.m. · 30 views

CVE-2023-36617

A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396parser.rb and rfc3986parser.rb. NOTE: this issue exists because of a...

AI score 6.1 · EPSS 0.01533
Exploits 0 · References 4
ATTACKERKB
added 2023/06/28 9:15 p.m. · 3 views

CVE-2023-2232

An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix...

CVSS 6.5 · AI score 5.8 · EPSS 0.01306
Exploits 1 · References 4 · Affected Software 1
NVD
added 2023/06/28 9:15 p.m. · 25 views

CVE-2023-2232

An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix...

CVSS 6.5 · AI score 6.1 · EPSS 0.01306
Exploits 1 · References 3
UbuntuCve
added 2023/06/28 9:15 p.m. · 13 views

CVE-2023-2232

An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix...

CVSS 6.5 · AI score 6.5 · EPSS 0.01306
Exploits 1 · References 4
Prion
added 2023/06/28 9:15 p.m. · 16 views

Code injection

An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix...

CVSS 4 · AI score 6.2 · EPSS 0.01306
Exploits 1 · References 3 · Affected Software 1
OSV
added 2023/06/28 3:14 p.m. · 7 views

SUSE-SU-2023:2693-1 Security update for python-sqlparse

This update for python-sqlparse fixes the following issues: - CVE-2023-30608: Fixed a regular expression that is vulnerable to ReDoS bsc1210617...

CVSS 7.5 · AI score 7.4 · EPSS 0.0098
Exploits 0 · References 3
Mageia
added 2023/06/28 5:21 a.m. · 199 views

Updated mediawiki packages fix security vulnerability

Bundled PapaParse copy in VisualEditor has known ReDoS CVE-2020-36649. An issue was discovered in MediaWiki before 1.35.9. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These fil...

CVSS 9.8 · AI score 6.5 · EPSS 0.01388
Exploits 3 · References 5
Positive Technologies
added 2023/06/28 12:00 a.m. · 3 views

PT-2023-18427 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 15.10 through 16.0 Description: An issue has been discovered in GitLab, leading to a ReDoS vulnerability in the Jira prefix. Recommendations: For GitLab versions 15.10 through 16.0, update to version 16.1 or later to resolve t...

CVSS 6.5 · AI score 6.2 · EPSS 0.01306
Exploits 1 · References 10
Cvelist
added 2023/06/28 12:00 a.m. · 23 views

CVE-2023-2232

An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix...

CVSS 6.5 · AI score 6.3 · EPSS 0.01306
Exploits 1 · References 3
OSV
added 2023/06/28 12:00 a.m. · 18 views

CVE-2023-2232

An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix...

CVSS 6.5 · AI score 6.7 · EPSS 0.01306
Exploits 1 · References 5
Vulnrichment
added 2023/06/28 12:00 a.m. · 10 views

CVE-2023-2232

An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix...

CVSS 6.5 · AI score 6.8 · EPSS 0.01306
Exploits 1 · References 3
Debian CVE
added 2023/06/28 12:00 a.m. · 18 views

CVE-2023-2232

Removed by vendor...

CVSS 6.5 · AI score 6.6 · EPSS 0.01306
Exploits 1
RedHat Linux
added 2023/06/27 3:16 p.m. · 48 views

Moderate: Red Hat Security Advisory: ruby:2.7 security, bug fix, and enhancement update

An update for the ruby:2.7 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 8.8 · AI score 7 · EPSS 0.02637
Exploits 1 · References 5
Tenable Nessus
added 2023/06/27 12:00 a.m. · 37 views

RHEL 8 : ruby:2.7 (RHSA-2023:3821)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3821 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

CVSS 8.8 · AI score 7.8 · EPSS 0.02637
Exploits 1 · References 10
Tenable Nessus
added 2023/06/27 12:00 a.m. · 29 views

CentOS 8 : ruby:2.7 (CESA-2023:3821)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:3821 advisory. - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that...

CVSS 8.8 · AI score 8 · EPSS 0.02637
Exploits 1 · References 4
OSV
added 2023/06/27 12:00 a.m. · 40 views

ALSA-2023:3821 Moderate: ruby:2.7 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 2.7. BZ2189465 Security Fixes: ruby/cgi-gem: HTTP response splitting i...

CVSS 8.8 · AI score 7.9 · EPSS 0.02637
Exploits 1 · References 8