In the Ruby "date" gem before versions 3.2.1, 3.1.2, 3.0.2, and 2.0.1, there is a regular expression denial of service vulnerability (ReDoS) on date parsing methods. An attacker can exploit this vulnerability to cause an effective denial of service attack.
In the Ruby "date" gem before versions 3.2.1, 3.1.2, 3.0.2, and 2.0.1, there is a regular expression denial of service vulnerability (ReDoS) on date parsing methods. An attacker can exploit this vulnerability to cause an effective denial of service attack.
https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/