Описание
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
A flaw was found in ruby, where the date object was found to be vulnerable to a regular expression denial of service (ReDoS) during the parsing of dates. This flaw allows an attacker to hang a ruby application by providing a specially crafted date string. The highest threat to this vulnerability is system availability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ruby | Out of support scope | ||
| Red Hat Enterprise Linux 7 | ruby | Will not fix | ||
| Red Hat Enterprise Linux 9 | ruby | Not affected | ||
| Red Hat Enterprise Linux 8 | ruby | Fixed | RHSA-2022:0543 | 16.02.2022 |
| Red Hat Enterprise Linux 8 | ruby | Fixed | RHSA-2022:5779 | 01.08.2022 |
| Red Hat Enterprise Linux 8 | ruby | Fixed | RHSA-2022:6447 | 13.09.2022 |
| Red Hat Enterprise Linux 8 | ruby | Fixed | RHSA-2022:6450 | 13.09.2022 |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | ruby | Fixed | RHSA-2022:0581 | 21.02.2022 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | ruby | Fixed | RHSA-2022:0582 | 21.02.2022 |
| Red Hat Enterprise Linux 8.4 Extended Update Support | ruby | Fixed | RHSA-2022:0544 | 16.02.2022 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regula ...
Regular expression denial of service vulnerability (ReDoS) in date
EPSS
7.5 High
CVSS3