Description
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists because of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.
A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time when parsing strings to URI objects. This issue may result in a regular expression denial of service (ReDoS).
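Added example, not taken from the advisory or from the uri gem itself: a check that tells you whether the uri gem version loaded in a Ruby process falls inside the affected range stated above (before 0.12.2, with 0.10.3 and later 0.10.x treated as fixed). The helper names `uri_gem_affected?` and `installed_uri_version` are this example's own.

```ruby
# Added example: encodes only the version ranges named in the advisory text:
#   - affected: releases before 0.12.2
#   - fixed:    0.12.2 and later, and the 0.10.3+ backport branch
# Other backport branches are not mentioned on the page and are not encoded;
# consult the upstream advisory before treating them as fixed.
require "rubygems"

# Returns true when VERSION_STRING (e.g. "0.12.1") is inside the affected range.
def uri_gem_affected?(version_string)
  v = Gem::Version.new(version_string)
  fixed_main = Gem::Version.new("0.12.2")
  fixed_010  = Gem::Version.new("0.10.3")

  # Mainline fix: 0.12.2 and anything newer (0.13.x, ...) is not affected.
  return false if v >= fixed_main
  # Backport fix: 0.10.3 and later releases of the 0.10 branch are fixed.
  return false if v.segments[0, 2] == [0, 10] && v >= fixed_010
  true
end

# Version of the uri gem in this process: the activated gem if Bundler/RubyGems
# loaded one, otherwise the default gem shipped with the interpreter.
def installed_uri_version
  spec = Gem.loaded_specs["uri"]
  return spec.version.to_s if spec
  require "uri"
  URI::VERSION
end

if $PROGRAM_NAME == __FILE__
  v = installed_uri_version
  status = uri_gem_affected?(v) ? "AFFECTED, update the uri gem" : "not affected"
  puts "uri #{v}: #{status}"
end
```

Run it under the same Ruby and Gemfile as the application being assessed, since a bundled uri gem can differ from the interpreter's default gem.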
Report
This vulnerability exists due to an incomplete fix for CVE-2023-28755 in upstream.
Affected packages
Platform | Package | State | Recommendation | Release
---|---|---|---|---
Red Hat 3scale API Management Platform 2 | 3scale-amp-system-container | Will not fix | |
Red Hat Enterprise Linux 8 | ruby:3.0/ruby | Will not fix | |
Red Hat Enterprise Linux 9 | ruby | Will not fix | |
Red Hat Satellite 6 | puppet-agent | Affected | |
Red Hat Satellite 6 | ruby | Not affected | |
Red Hat Satellite 6 | rubygem-bundler | Not affected | |
Red Hat Software Collections | rh-ruby30-ruby | Will not fix | |
Red Hat Enterprise Linux 8 | ruby | Fixed | RHSA-2024:1431 | 19.03.2024
Red Hat Enterprise Linux 8 | ruby | Fixed | RHSA-2024:4499 | 11.07.2024
Red Hat Enterprise Linux 9 | ruby | Fixed | RHSA-2024:1576 | 01.04.2024
Additional information
Status:
CVSS3: 5.3 Medium
Related vulnerabilities
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists because of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.