Skip to content

Commit 2f5d6fe

Browse files
Adrian-Hirtpostmodern
Adrian-Hirt
authored and
postmodern
committed
Add gems/uri/CVE-2023-28755.yml
1 parent 0453a1e commit 2f5d6fe

2 files changed

Lines changed: 19 additions & 0 deletions

File tree

CONTRIBUTORS.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -38,5 +38,6 @@ This database would not be possible without volunteers willing to submit pull re
3838
* [Brendan Coles](https://github.com/bcoles)
3939
* [Florian Wininger](https://github.com/fwininger)
4040
* [Al Snow](https://github.com/jasnow)
41+
* [Adrian Hirt](https://github.com/Adrian-Hirt)
4142

4243
The rubysec.com domain was graciously donated by [Jordi Massaguer](https://github.com/jordimassaguerpla).

gems/uri/CVE-2023-28755.yml

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,18 @@
1+
---
2+
gem: uri
3+
cve: 2023-28755
4+
ghsa: hv5j-3h9f-99c2
5+
url: https://github.com/advisories/GHSA-hv5j-3h9f-99c2
6+
date: 2023-03-31
7+
title: Ruby URI component ReDoS issue
8+
description: |
9+
A ReDoS issue was discovered in the URI component through 0.12.0 in
10+
Ruby through 3.2.1. The URI parser mishandles invalid URLs that have
11+
specific characters. It causes an increase in execution time for parsing
12+
strings to URI objects. The fixed versions are 0.12.1, 0.11.1,
13+
0.10.2 and 0.10.0.1.
14+
patched_versions:
15+
- ~> 0.10.0.1
16+
- ~> 0.10.2
17+
- ~> 0.11.1
18+
- ">= 0.12.1"

0 commit comments

Comments
 (0)