A ReDoS issue exists in the Time component up to and including 0.2.1 in Ruby up to and including 3.2.1. The Time parser mishandles invalid URLs that have specific characters, which increases the execution time of parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
| Vulnerable Product |
|---|
| ruby-lang time 0.2.1 |
| ruby-lang time 0.1.0 |
| ruby-lang ruby |
| debian debian linux 10.0 |
| fedoraproject fedora 36 |
| fedoraproject fedora 37 |
| fedoraproject fedora 38 |