A ReDoS issue exists in the URI component up to and including 0.12.0 in Ruby up to and including 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
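A version check against the fixed releases listed above, added here as an example and not taken from the advisory or the uri project. The helper names and the sample Gemfile.lock fragment are constructed, and mapping each fixed release to its release line (0.10.0.x, 0.10.x, 0.11.x, 0.12.x) is an assumption.

```ruby
require "rubygems" # Gem::Version (normally already loaded by Ruby)

# Fixed releases exactly as listed in the advisory text.
FIXED = %w[0.10.0.1 0.10.2 0.11.1 0.12.1].map { |v| Gem::Version.new(v) }.freeze

# Assumed release line of a fix: its segments without the last one,
# e.g. 0.10.0.1 -> [0, 10, 0] and 0.11.1 -> [0, 11].
def release_line(fix)
  fix.segments[0...-1]
end

# True when the given uri gem version falls in the affected range.
def uri_redos_affected?(version_string)
  v = Gem::Version.new(version_string)
  return false if v >= FIXED.max # 0.12.1 or newer

  # Pick the most specific release line this version belongs to.
  fix = FIXED
        .select { |f| v.segments.first(release_line(f).size) == release_line(f) }
        .max_by { |f| release_line(f).size }

  # No matching line means older than 0.10.0: inside "up to and
  # including 0.12.0", with no fixed release listed for that line.
  fix.nil? || v < fix
end

# Return [version, affected?] for every uri spec in Gemfile.lock text.
# Resolved specs are indented four spaces; their dependencies use six.
def scan_lockfile(text)
  text.scan(/^ {4}uri \(([^)]+)\)$/).flatten.map { |v| [v, uri_redos_affected?(v)] }
end

# Constructed sample lockfile fragment (not from the advisory).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      net-http (0.3.2)
        uri
      uri (0.12.0)
LOCK

scan_lockfile(SAMPLE_LOCK).each do |version, affected|
  puts "uri #{version}: #{affected ? 'affected, upgrade to a fixed release' : 'fixed'}"
end
```

The same predicate can be fed the version reported by `gem list uri`, since the copy of uri bundled with Ruby does not appear in a Gemfile.lock unless the application declares it.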
| Vulnerable Product |
|---|
| ruby-lang uri 0.12.0 |
| ruby-lang uri 0.10.1 |
| ruby-lang uri |
| ruby-lang uri 0.11.0 |
| debian debian linux 10.0 |
| fedoraproject fedora 36 |
| fedoraproject fedora 37 |
| fedoraproject fedora 38 |