• CVE-2023-36617: ReDoS vulnerability in URI

    Updated: 2023-06-29 01:00:00
    Posted by hsbt on 29 Jun 2023. We have released the uri gem versions 0.12.2 and 0.10.3, which include a security fix for a ReDoS vulnerability. This vulnerability has been assigned the CVE identifier CVE-2023-36617. Details: A ReDoS issue was discovered in the URI component through 0.12.1 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists because of an incomplete fix for CVE-2023-28755. The uri gem version 0.12.1 and all versions prior to 0.12.1 are vulnerable to this issue.
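
A defender-side check for the versions named above, as an added example that is not part of the original advisory: it reads the resolved uri version from a Gemfile.lock and classifies it against the fixed releases 0.12.2 and 0.10.3. The helper names and the sample lockfile are constructed, and treating later 0.10.x releases as fixed is an assumption.

```ruby
require "rubygems" # Gem::Version
require "uri"      # URI::VERSION of the library loaded in this interpreter

# Fixed releases named in the advisory.
FIXED_LATEST = Gem::Version.new("0.12.2")
FIXED_0_10   = Gem::Version.new("0.10.3")

# Classify a uri gem version string as :fixed or :vulnerable.
# Per the advisory, 0.12.1 and everything before it is vulnerable,
# except the patched 0.10.3 release.
def uri_gem_status(version)
  v = Gem::Version.new(version)
  return :fixed if v >= FIXED_LATEST
  # Assumption: any later 0.10.x release keeps the 0.10.3 fix.
  return :fixed if v.segments[0, 2] == [0, 10] && v >= FIXED_0_10
  :vulnerable
end

# Resolved specs in Gemfile.lock are indented four spaces: "    uri (0.12.1)".
# Dependency lines ("      uri") are indented six and carry no version.
def locked_uri_version(lockfile_text)
  m = lockfile_text.match(/^ {4}uri \(([^)\s]+)\)$/)
  m && m[1]
end

# Returns [status, version]; status is :not_locked when uri is not pinned.
def check_lockfile(lockfile_text)
  version = locked_uri_version(lockfile_text)
  return [:not_locked, nil] unless version
  [uri_gem_status(version), version]
end

# Constructed sample lockfile, not taken from a real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      net-http (0.3.2)
        uri
      uri (0.12.1)

  DEPENDENCIES
    net-http
LOCK

if __FILE__ == $PROGRAM_NAME
  status, version = check_lockfile(SAMPLE_LOCK)
  puts "Gemfile.lock pins uri #{version}: #{status}"
  puts "loaded uri #{URI::VERSION}: #{uri_gem_status(URI::VERSION)}"
end
```

When a lockfile does not pin uri, the interpreter falls back to the default gem bundled with Ruby, which is why the script also reports the status of the loaded `URI::VERSION`.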
