CVE-2023-36617

CVSS v3.1 5.3 (Medium)

EPSS 0.15 % (51^th)

Affected Products 1

Advisories 13

NVD Status Modified

A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists becuse of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.

Weaknesses

CWE-1333: Inefficient Regular Expression Complexity

Related CVEs

CVE-2023-28755

CVE Status: PUBLISHED
NVD Status: Modified
CNA: MITRE
Published Date: 2023-06-29 13:15:09
(14 months ago)
Updated Date: 2024-05-04 03:15:06
(4 months ago)

Affected Products

Ruby-lang

Configuration #1

		CPE23	From	Up To
	Ruby-lang Uri for Ruby prior 0.10.3 version	cpe:2.3:a:ruby-lang:uri::::::ruby		< 0.10.3
	Ruby-lang Uri for Ruby from 0.11.0 version and prior 0.12.2 version	cpe:2.3:a:ruby-lang:uri::::::ruby	>= 0.11.0	< 0.12.2