Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-28756

Опубликовано: 31 мар. 2023
Источник: debian
EPSS Низкий

Описание

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ruby3.1removedpackage
ruby3.1no-dsabookwormpackage
ruby2.7removedpackage
ruby2.5removedpackage
jrubyfixed9.4.3.0+ds-1~exp1experimentalpackage
jrubyfixed9.4.5.0+ds-1package
jrubyignoredbookwormpackage

Примечания

  • Fixed by: https://github.com/ruby/ruby/commit/957bb7cb81995f26c671afce0ee50a5c660e540e (v3_1_4)

  • Fixed by: https://github.com/ruby/time/commit/b57db51f577875d3e896dcd2ef1dcaf97f23e943 (v0.2.2)

  • Fixed by: https://github.com/ruby/time/commit/3dce6f73d14f5fad6d9b302393fd02df48797b11 (v0.2.2)

  • https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/

  • https://github.com/jruby/jruby/commit/36637a1b4e434cbb75c8f87be128b7763cedf99d (9.4.3.0)

EPSS

Процентиль: 72%
0.00758
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2023-28756

CVSS3: 5.3
ubuntu
больше 2 лет назад

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

redhat логотип

CVE-2023-28756

CVSS3: 5.3
redhat
больше 2 лет назад

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

nvd логотип

CVE-2023-28756

CVSS3: 5.3
nvd
больше 2 лет назад

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

github логотип

GHSA-fg7x-g82r-94qc

CVSS3: 7.5
github
больше 2 лет назад

Ruby Time component ReDoS issue

fstec логотип

BDU:2023-02020

CVSS3: 7.5
fstec
больше 2 лет назад

Уязвимость библиотеки Time интерпретатора Ruby, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 72%
0.00758
Низкий