CVE-2023-28755

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-28755

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-28755.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-28755

Aliases

GHSA-hv5j-3h9f-99c2

Downstream

ALPINE-CVE-2023-28755

BELL-CVE-2023-28755

DEBIAN-CVE-2023-28755

DLA-3408-1

DLA-3447-1

DLA-3858-1

DLA-4163-1

ECHO-97f1-838f-206b

OESA-2023-1226

RHSA-2023:3291

RHSA-2023:3821

RHSA-2023:7025

RHSA-2024:1431

RHSA-2024:1576

RHSA-2024:3500

RHSA-2024:3838

RLSA-2023:3821

RLSA-2023:7025

RLSA-2024:1431

RLSA-2024:1576

SUSE-SU-2023:4176-1

UBUNTU-CVE-2023-28755

USN-6055-1

USN-6055-2

USN-6087-1

USN-6219-1

USN-7735-1

openSUSE-SU-2024:12828-1

openSUSE-SU-2024:12849-1

openSUSE-SU-2024:13623-1

openSUSE-SU-2025:14621-1

openSUSE-SU-2025:15819-1

Related

Published

2023-03-31T00:00:00Z

Modified

2026-05-15T04:06:41.297152982Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/28xxx/CVE-2023-28755.json",
    "unresolved_ranges": [
        {
            "source": "DESCRIPTION",
            "extracted_events": [
                {
                    "fixed": "3.2.1"
                }
            ]
        }
    ],
    "cna_assigner": "mitre"
}

References

Affected packages