CVE-2023-36617

Published: 29/06/2023 Updated: 25/07/2023
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

A ReDoS issue exists in the URI component prior to 0.12.2 for Ruby. The URI parser mishandles invalid URLs that contain specific characters, causing an increase in execution time when parsing strings into URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists because of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.
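An added example (not part of the advisory) for checking whether an installed uri gem falls in the affected range described above, plus an input-size guard that bounds parse time while an upgrade is pending. The version logic follows the advisory's two fixed releases, 0.12.2 and 0.10.3; treating any later 0.10.x patch release as fixed, and the 2048-byte limit, are assumptions of this example.

```ruby
require "rubygems"
require "uri"

# Fixed releases named in the advisory for CVE-2023-36617.
FIXED_MAIN     = Gem::Version.new("0.12.2")
FIXED_BACKPORT = Gem::Version.new("0.10.3")

# Returns true when the given uri gem version is in the affected range:
# anything below 0.12.2, except the 0.10 branch from 0.10.3 onwards.
# Assumption (not stated by the advisory): 0.10.x releases after 0.10.3,
# if any exist, are treated as carrying the backported fix.
def vulnerable_uri_version?(version_string)
  v = Gem::Version.new(version_string)
  return false if v >= FIXED_MAIN

  on_backport_branch = v.segments[0, 2] == [0, 10]
  return false if on_backport_branch && v >= FIXED_BACKPORT

  true
end

# Checks the uri library loaded in the running interpreter (URI::VERSION is
# defined by the gem itself).
def current_uri_vulnerable?
  vulnerable_uri_version?(URI::VERSION)
end

# Defence in depth while upgrading: ReDoS cost grows with input length, so
# rejecting oversized strings before they reach the parser bounds the worst
# case. The limit is an example policy value, not from the advisory.
MAX_URI_LENGTH = 2048

def parse_uri_bounded(str, max_len: MAX_URI_LENGTH)
  if str.bytesize > max_len
    raise URI::InvalidURIError, "URI exceeds #{max_len} bytes"
  end
  URI.parse(str)
end

if __FILE__ == $PROGRAM_NAME
  puts "uri #{URI::VERSION}: #{current_uri_vulnerable? ? 'AFFECTED' : 'fixed'}"
end
```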

ruby-lang uri

Vendor Advisories

Description: The MITRE CVE dictionary describes this issue as: A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists b ...
