CVSSv3: 5.3

CVE-2023-28755

Published: 31/03/2023 Updated: 04/05/2024
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

A ReDoS issue exists in the URI component up to and including 0.12.0 in Ruby up to and including 3.2.1. The URI parser mishandles invalid URLs that contain specific characters, causing an increase in execution time when parsing strings into URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.

Vulnerability Trend

Vulnerable Products

ruby-lang uri 0.12.0
ruby-lang uri 0.10.1
ruby-lang uri
ruby-lang uri 0.11.0
debian debian linux 10.0
fedoraproject fedora 36
fedoraproject fedora 37
fedoraproject fedora 38

Vendor Advisories

Debian Bug report logs - #1036283 jruby: CVE-2023-28755 CVE-2023-28756. Package: src:jruby; Maintainer for src:jruby is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutile.org>; Date: Thu, 18 May 2023 13:24:06 UTC; Severity: normal; Tags: security, upstream ...
Synopsis: Moderate: rh-ruby27-ruby security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-ruby27-ruby is now available for Red Hat Software Collections. Red Hat Product Sec ...
Synopsis: Moderate: ruby:27 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for the ruby:27 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Securi ...
Synopsis: Moderate: ruby:25 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for the ruby:25 module is now available for Red Hat E ...
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1 (CVE-2023-28755). A ReDoS issue was discovered in the Tim ...