CVE-2023-28756
Published Mar 31, 2023
Last updated 10 months ago
Overview
- Description
- A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
- Severity
- MEDIUM
Weaknesses
- nvd@nist.gov
- CWE-1333
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6AFF74E1-5365-4D53-9D5A-B61F9DF2BA6C",
"versionEndIncluding": "2.7.7"
},
{
"criteria": "cpe:2.3:a:ruby-lang:time:0.1.0:*:*:*:*:ruby:*:*",
"vulnerable": true,
"matchCriteriaId": "209A0CC6-4BC5-4794-B71A-3C7AC6C5AF91"
},
{
"criteria": "cpe:2.3:a:ruby-lang:time:0.2.1:*:*:*:*:ruby:*:*",
"vulnerable": true,
"matchCriteriaId": "AE1F88CA-F758-4984-B132-7C0E944D92D8"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
],
"operator": "OR"
}
]
}
]