2 matches found
BIT-RUBY-MIN-2021-41817
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1...
Regular Expression Denial of Service (ReDoS)
Overview: date is a subclass of Object that includes the Comparable module for handling dates. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). Date’s parsing methods, including Date.parse, use regular expressions internally, some of which are vulnerable...