Lucene search
Veracode Vulnerability DatabaseVERACODE:38960HistoryJan 23, 2023 - 5:35 a.m.
Regular Expression Denial Of Service (ReDoS)
2023-01-2305:35:04
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
sisimai
redos
to_plain
string.rb
vulnerability
application crash
software
EPSS
0.005
Percentile
77.6%
sisimai is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists in the to_plain function in string.rb due to inefficient regular expression complexity which leads to an application crash.
References
gist.githubusercontent.com/gmcabrita/e5dc0332473fc2e3a7a407434c8d21c7/raw/00b12035e5e1b685469f143b94301a50306376ba/example.html
github.com/advisories/GHSA-vm74-j4wq-82xj
github.com/sisimai/rb-sisimai/commit/51fe2e6521c9c02b421b383943dc9e4bbbe65d4e
github.com/sisimai/rb-sisimai/pull/244
github.com/sisimai/rb-sisimai/releases/tag/v4.25.14p12
vuldb.com/?ctiid.218452
vuldb.com/?id.218452
Related
nvd
nvd
CVE-2022-4891
2023-01-17 20:15:11
osv
osv
Sisimai Inefficient Regular Expression Complexity vulnerability
2023-01-17 21:30:22
CVE-2022-4891
2023-01-17 20:15:11
github
github
Sisimai Inefficient Regular Expression Complexity vulnerability
2023-01-17 21:30:22
cvelist
cvelist
CVE-2022-4891 Sisimai string.rb to_plain redos
2023-01-17 19:58:03
rubygems
rubygems
Sisimai Inefficient Regular Expression Complexity vulnerability
2023-01-16 21:00:00
cve
cve
CVE-2022-4891
2023-01-17 20:15:11
prion
prion
Design/Logic Flaw
2023-01-17 20:15:00