A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists because of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-06-29T00:00:00
Updated: 2024-05-04T03:06:00.613164
Reserved: 2023-06-25T00:00:00
Link: CVE-2023-36617
NVD Information
Status: Modified
Published: 2023-06-29T13:15:09.583
Modified: 2024-05-04T03:15:06.833
Link: CVE-2023-36617