ReDoS Vulnerability in Ruby URI Component Before Version 0.12.2
CVE-2023-36617

5.3MEDIUM

Key Information:

Vendor

Ruby-lang

Status
Uri
Vendor
CVE Published:
29 June 2023

What is CVE-2023-36617?

A ReDoS vulnerability has been identified in the URI component of Ruby, affecting versions prior to 0.12.2. The issue arises from the URI parser's inability to handle specific invalid URL characters correctly, leading to significant delays in execution time when parsing strings into URI objects. This vulnerability is linked to an incomplete fix for a previous issue (CVE-2023-28755), which emphasizes the need for users to update to version 0.10.3 or later to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.ruby-lang.org/en/news/2023/06/29/redos-in-uri...
https://security.netapp.com/advisory/ntap-20230725-0002/
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.