Vulnerabilities > CVE-2023-28756

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
LOW
network
low complexity
ruby-lang
debian
fedoraproject

Summary

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

Vulnerable Configurations

Part Description Count
Application
Ruby-Lang
1028
OS
Debian
1
OS
Fedoraproject
3

References