2 matches found
CVE-2021-32740
Addressable's URI template engine is vulnerable to Denial of Service via catastrophic backtracking when processing malicious templates. The issue exists in versions 2.3.0 through 2.7.0 and is fixed in 2.8.0. Affected software: ruby-addressable. Root cause: flawed URI template matching leading to un...
CVE-2026-35611
Addressable (Ruby URI template implementation) versions from 2.3.0 up to, but not including, 2.9.0 are affected by two classes of URI template generation that create regular expressions susceptible to catastrophic backtracking. Templates using the explode modifier with any expansion operator (e.g., {foo*}, {+var*}, {#va...