BIT-ruby-min-2023-28756

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/ruby-min/BIT-ruby-min-2023-28756.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-ruby-min-2023-28756
Aliases
Published
2025-01-27T07:20:03.635Z
Modified
2025-01-27T08:56:45.661402Z
Summary
[none]
Details

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

Database specific
{
    "cpes": [
        "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / ruby-min

Package

Name
ruby-min
Purl
pkg:bitnami/ruby-min

Severity

  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
2.7.7