10 matches found
Internet Bug Bounty: [CVE-2023-22796] Possible ReDoS based DoS vulnerability in Active Support’s underscore
A regular expression based Denial of Service DoS vulnerability was discovered in Active Support. The vulnerability allowed for a specially crafted string to cause the regular expression engine to enter a state of catastrophic backtracking, leading to excessive CPU and memory usage. The...
OESA-2023-1140 rubygem-activesupport security update
A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization,time zones, and testing. Security Fixes: A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted...
OESA-2023-1145 rubygem-activesupport security update
A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization,time zones, and testing. Security Fixes: A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted...
OESA-2023-1130 rubygem-activesupport security update
A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing. Security Fixes: A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted...
SUSE CVE-2023-22796
A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory,...
CVE-2023-22796
A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory,...
DEBIAN-CVE-2023-22796
A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory,...
UBUNTU-CVE-2023-22796
A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory,...
GHSA-J6GC-792M-QGM2 ReDoS based DoS vulnerability in Active Support's underscore
There is a possible regular expression based DoS vulnerability in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-22796. Versions Affected: All Not affected: None Fixed Versions: 5.2.8.15 Rails LTS, which is a paid service and not part of the rubygem, 6.1.7.1,...
GHSA-G36H-6R4F-3MQP Regular Expression Denial of Service in string package
Affected versions of string are vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods. Recommendation There is currently no direct patch for this vulnerability. Currently, the best solution is to avo...