CVE-2023-36617: ReDoS vulnerability in URI
Updated: 2023-06-29 01:00:00
Posted by hsbt on 29 Jun 2023

We have released uri gem versions 0.12.2 and 0.10.3, which contain a security fix for a ReDoS vulnerability. This vulnerability has been assigned the CVE identifier CVE-2023-36617.

Details

A ReDoS issue was discovered in the URI component through 0.12.1 for Ruby. The URI parser mishandles invalid URLs that contain specific characters, leading to an increase in execution time when parsing such strings into URI objects with rfc2396_parser.rb and rfc3986_parser.rb.

NOTE: this issue exists because of an incomplete fix for CVE-2023-28755.

The uri gem version 0.12.1 and all versions prior to 0.12.1 are vulnerable to this issue.
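A check for whether an installed uri gem version falls inside the affected range stated above, added here as an example (it is not code from the advisory or from the uri project). It assumes only what this page states: 0.12.2 and the 0.10.3 backport are fixed, and 0.12.1 and everything earlier is otherwise vulnerable; the helper names are hypothetical.

```ruby
require 'rubygems' # Gem::Version for correct version comparison
require 'uri'

# Fixed releases named in the advisory: 0.12.2 on the main line and the
# 0.10.3 backport, keyed by their major.minor line.
FIXED_URI_VERSIONS = {
  '0.10' => Gem::Version.new('0.10.3'),
  '0.12' => Gem::Version.new('0.12.2'),
}.freeze

# Returns true when the given uri gem version is affected by CVE-2023-36617.
# Rule from the advisory: 0.12.1 and every earlier version is vulnerable,
# except 0.10.3 (and later patch releases on the 0.10 line).
def uri_gem_vulnerable?(version_string)
  v = Gem::Version.new(version_string)
  return false if v >= FIXED_URI_VERSIONS['0.12']

  minor_line = v.segments[0, 2].join('.')
  fixed = FIXED_URI_VERSIONS[minor_line]
  return false if fixed && v >= fixed

  true
end

# Version of the uri library actually loaded in this process, or nil if
# it cannot be determined.
def installed_uri_version
  return URI::VERSION if URI.const_defined?(:VERSION)

  spec = Gem.loaded_specs['uri']
  spec ? spec.version.to_s : nil
end

if __FILE__ == $PROGRAM_NAME
  ver = installed_uri_version
  if ver
    status = uri_gem_vulnerable?(ver) ? 'affected by CVE-2023-36617' : 'not affected'
    puts "uri #{ver}: #{status}"
  else
    puts 'uri version could not be determined'
  end
end
```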