CVE-2023-28756

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-28756

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-28756.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-28756

Aliases

Related

Published

2023-03-31T04:15:09Z

Modified

2024-09-11T06:12:43.450155Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

References

Affected packages

Alpine:v3.14 / ruby

Package

Name: ruby
Purl: pkg:apk/alpine/ruby?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.8-r0

Affected versions

1.*

1.8.7_p72-r1

1.8.7_p72-r2

1.8.7_p160-r2

1.8.7_p160-r3

1.8.7_p174-r0

1.8.7_p174-r1

1.8.7_p174-r2

1.8.7_p174-r3

1.8.7_p174-r4

1.8.7_p174-r6

1.8.7_p174-r7

1.8.7_p299-r0

1.8.7_p299-r1

1.8.7_p299-r2

1.8.7_p352-r0

1.8.7_p352-r1

1.8.7_p358-r1

1.9.3_p194-r0

1.9.3_p286-r0

1.9.3_p286-r1

1.9.3_p286-r2

1.9.3_p327-r0

1.9.3_p362-r0

1.9.3_p374-r0

1.9.3_p385-r0

1.9.3_p392-r0

2.*

2.0.0_p0-r0

2.0.0_p0-r1

2.0.0_p195-r0

2.0.0_p247-r0

2.0.0_p247-r1

2.0.0_p247-r2

2.0.0_p247-r3

2.0.0_p353-r0

2.0.0_p353-r1

2.0.0_p353-r2

2.0.0_p481-r0

2.1.5-r0

2.1.5-r1

2.2.1-r0

2.2.2-r0

2.2.2-r1

2.2.3-r0

2.2.3-r1

2.2.4-r0

2.3.1-r0

2.3.1-r1

2.3.1-r2

2.3.2-r0

2.3.3-r0

2.3.3-r1

2.3.3-r2

2.3.3-r3

2.4.0-r3

2.4.1-r1

2.4.1-r2

2.4.1-r3

2.4.1-r4

2.4.1-r5

2.4.2-r0

2.4.2-r1

2.4.3-r0

2.5.0-r0

2.5.0-r1

2.5.1-r0

2.5.1-r1

2.5.1-r2

2.5.2-r0

2.5.3-r0

2.5.3-r1

2.5.3-r2

2.5.5-r0

2.6.3-r0

2.6.3-r1

2.6.3-r2

2.6.4-r0

2.6.5-r0

2.6.5-r1

2.6.5-r2

2.6.6-r2

2.6.6-r3

2.6.6-r4

2.7.1-r0

2.7.1-r1

2.7.1-r2

2.7.1-r3

2.7.1-r4

2.7.1-r5

2.7.2-r0

2.7.2-r1

2.7.2-r2

2.7.2-r3

2.7.2-r4

2.7.3-r0

2.7.3-r1

2.7.4-r0

2.7.5-r0

2.7.6-r0

2.7.7-r0

Alpine:v3.15 / ruby

Package

Name: ruby
Purl: pkg:apk/alpine/ruby?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.6-r0

Affected versions

1.*

1.8.7_p72-r1

1.8.7_p72-r2

1.8.7_p160-r2

1.8.7_p160-r3

1.8.7_p174-r0

1.8.7_p174-r1

1.8.7_p174-r2

1.8.7_p174-r3

1.8.7_p174-r4

1.8.7_p174-r6

1.8.7_p174-r7

1.8.7_p299-r0

1.8.7_p299-r1

1.8.7_p299-r2

1.8.7_p352-r0

1.8.7_p352-r1

1.8.7_p358-r1

1.9.3_p194-r0

1.9.3_p286-r0

1.9.3_p286-r1

1.9.3_p286-r2

1.9.3_p327-r0

1.9.3_p362-r0

1.9.3_p374-r0

1.9.3_p385-r0

1.9.3_p392-r0

2.*

2.0.0_p0-r0

2.0.0_p0-r1

2.0.0_p195-r0

2.0.0_p247-r0

2.0.0_p247-r1

2.0.0_p247-r2

2.0.0_p247-r3

2.0.0_p353-r0

2.0.0_p353-r1

2.0.0_p353-r2

2.0.0_p481-r0

2.1.5-r0

2.1.5-r1

2.2.1-r0

2.2.2-r0

2.2.2-r1

2.2.3-r0

2.2.3-r1

2.2.4-r0

2.3.1-r0

2.3.1-r1

2.3.1-r2

2.3.2-r0

2.3.3-r0

2.3.3-r1

2.3.3-r2

2.3.3-r3

2.4.0-r3

2.4.1-r1

2.4.1-r2

2.4.1-r3

2.4.1-r4

2.4.1-r5

2.4.2-r0

2.4.2-r1

2.4.3-r0

2.5.0-r0

2.5.0-r1

2.5.1-r0

2.5.1-r1

2.5.1-r2

2.5.2-r0

2.5.3-r0

2.5.3-r1

2.5.3-r2

2.5.5-r0

2.6.3-r0

2.6.3-r1

2.6.3-r2

2.6.4-r0

2.6.5-r0

2.6.5-r1

2.6.5-r2

2.6.6-r2

2.6.6-r3

2.6.6-r4

2.7.1-r0

2.7.1-r1

2.7.1-r2

2.7.1-r3

2.7.1-r4

2.7.1-r5

2.7.2-r0

2.7.2-r1

2.7.2-r2

2.7.2-r3

2.7.2-r4

2.7.3-r0

2.7.3-r1

2.7.4-r0

2.7.4-r1

2.7.4-r2

3.*

3.0.2-r0

3.0.3-r0

3.0.4-r0

3.0.5-r0

Alpine:v3.16 / ruby

Package

Name: ruby
Purl: pkg:apk/alpine/ruby?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.4-r0

Affected versions

1.*

1.8.7_p72-r1

1.8.7_p72-r2

1.8.7_p160-r2

1.8.7_p160-r3

1.8.7_p174-r0

1.8.7_p174-r1

1.8.7_p174-r2

1.8.7_p174-r3

1.8.7_p174-r4

1.8.7_p174-r6

1.8.7_p174-r7

1.8.7_p299-r0

1.8.7_p299-r1

1.8.7_p299-r2

1.8.7_p352-r0

1.8.7_p352-r1

1.8.7_p358-r1

1.9.3_p194-r0

1.9.3_p286-r0

1.9.3_p286-r1

1.9.3_p286-r2

1.9.3_p327-r0

1.9.3_p362-r0

1.9.3_p374-r0

1.9.3_p385-r0

1.9.3_p392-r0

2.*

2.0.0_p0-r0

2.0.0_p0-r1

2.0.0_p195-r0

2.0.0_p247-r0

2.0.0_p247-r1

2.0.0_p247-r2

2.0.0_p247-r3

2.0.0_p353-r0

2.0.0_p353-r1

2.0.0_p353-r2

2.0.0_p481-r0

2.1.5-r0

2.1.5-r1

2.2.1-r0

2.2.2-r0

2.2.2-r1

2.2.3-r0

2.2.3-r1

2.2.4-r0

2.3.1-r0

2.3.1-r1

2.3.1-r2

2.3.2-r0

2.3.3-r0

2.3.3-r1

2.3.3-r2

2.3.3-r3

2.4.0-r3

2.4.1-r1

2.4.1-r2

2.4.1-r3

2.4.1-r4

2.4.1-r5

2.4.2-r0

2.4.2-r1

2.4.3-r0

2.5.0-r0

2.5.0-r1

2.5.1-r0

2.5.1-r1

2.5.1-r2

2.5.2-r0

2.5.3-r0

2.5.3-r1

2.5.3-r2

2.5.5-r0

2.6.3-r0

2.6.3-r1

2.6.3-r2

2.6.4-r0

2.6.5-r0

2.6.5-r1

2.6.5-r2

2.6.6-r2

2.6.6-r3

2.6.6-r4

2.7.1-r0

2.7.1-r1

2.7.1-r2

2.7.1-r3

2.7.1-r4

2.7.1-r5

2.7.2-r0

2.7.2-r1

2.7.2-r2

2.7.2-r3

2.7.2-r4

2.7.3-r0

2.7.3-r1

2.7.4-r0

2.7.4-r1

2.7.4-r2

3.*

3.0.2-r0

3.0.3-r0

3.1.1-r0

3.1.2-r0

3.1.3-r0

Alpine:v3.17 / ruby

Package

Name: ruby
Purl: pkg:apk/alpine/ruby?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.4-r0

Affected versions

1.*

1.8.7_p72-r1

1.8.7_p72-r2

1.8.7_p160-r2

1.8.7_p160-r3

1.8.7_p174-r0

1.8.7_p174-r1

1.8.7_p174-r2

1.8.7_p174-r3

1.8.7_p174-r4

1.8.7_p174-r6

1.8.7_p174-r7

1.8.7_p299-r0

1.8.7_p299-r1

1.8.7_p299-r2

1.8.7_p352-r0

1.8.7_p352-r1

1.8.7_p358-r1

1.9.3_p194-r0

1.9.3_p286-r0

1.9.3_p286-r1

1.9.3_p286-r2

1.9.3_p327-r0

1.9.3_p362-r0

1.9.3_p374-r0

1.9.3_p385-r0

1.9.3_p392-r0

2.*

2.0.0_p0-r0

2.0.0_p0-r1

2.0.0_p195-r0

2.0.0_p247-r0

2.0.0_p247-r1

2.0.0_p247-r2

2.0.0_p247-r3

2.0.0_p353-r0

2.0.0_p353-r1

2.0.0_p353-r2

2.0.0_p481-r0

2.1.5-r0

2.1.5-r1

2.2.1-r0

2.2.2-r0

2.2.2-r1

2.2.3-r0

2.2.3-r1

2.2.4-r0

2.3.1-r0

2.3.1-r1

2.3.1-r2

2.3.2-r0

2.3.3-r0

2.3.3-r1

2.3.3-r2

2.3.3-r3

2.4.0-r3

2.4.1-r1

2.4.1-r2

2.4.1-r3

2.4.1-r4

2.4.1-r5

2.4.2-r0

2.4.2-r1

2.4.3-r0

2.5.0-r0

2.5.0-r1

2.5.1-r0

2.5.1-r1

2.5.1-r2

2.5.2-r0

2.5.3-r0

2.5.3-r1

2.5.3-r2

2.5.5-r0

2.6.3-r0

2.6.3-r1

2.6.3-r2

2.6.4-r0

2.6.5-r0

2.6.5-r1

2.6.5-r2

2.6.6-r2

2.6.6-r3

2.6.6-r4

2.7.1-r0

2.7.1-r1

2.7.1-r2

2.7.1-r3

2.7.1-r4

2.7.1-r5

2.7.2-r0

2.7.2-r1

2.7.2-r2

2.7.2-r3

2.7.2-r4

2.7.3-r0

2.7.3-r1

2.7.4-r0

2.7.4-r1

2.7.4-r2

3.*

3.0.2-r0

3.0.3-r0

3.1.1-r0

3.1.2-r0

3.1.2-r1

3.1.3-r0

Alpine:v3.18 / ruby

Package

Name: ruby
Purl: pkg:apk/alpine/ruby?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.4-r0

Affected versions

1.*

1.8.7_p72-r1

1.8.7_p72-r2

1.8.7_p160-r2

1.8.7_p160-r3

1.8.7_p174-r0

1.8.7_p174-r1

1.8.7_p174-r2

1.8.7_p174-r3

1.8.7_p174-r4

1.8.7_p174-r6

1.8.7_p174-r7

1.8.7_p299-r0

1.8.7_p299-r1

1.8.7_p299-r2

1.8.7_p352-r0

1.8.7_p352-r1

1.8.7_p358-r1

1.9.3_p194-r0

1.9.3_p286-r0

1.9.3_p286-r1

1.9.3_p286-r2

1.9.3_p327-r0

1.9.3_p362-r0

1.9.3_p374-r0

1.9.3_p385-r0

1.9.3_p392-r0

2.*

2.0.0_p0-r0

2.0.0_p0-r1

2.0.0_p195-r0

2.0.0_p247-r0

2.0.0_p247-r1

2.0.0_p247-r2

2.0.0_p247-r3

2.0.0_p353-r0

2.0.0_p353-r1

2.0.0_p353-r2

2.0.0_p481-r0

2.1.5-r0

2.1.5-r1

2.2.1-r0

2.2.2-r0

2.2.2-r1

2.2.3-r0

2.2.3-r1

2.2.4-r0

2.3.1-r0

2.3.1-r1

2.3.1-r2

2.3.2-r0

2.3.3-r0

2.3.3-r1

2.3.3-r2

2.3.3-r3

2.4.0-r3

2.4.1-r1

2.4.1-r2

2.4.1-r3

2.4.1-r4

2.4.1-r5

2.4.2-r0

2.4.2-r1

2.4.3-r0

2.5.0-r0

2.5.0-r1

2.5.1-r0

2.5.1-r1

2.5.1-r2

2.5.2-r0

2.5.3-r0

2.5.3-r1

2.5.3-r2

2.5.5-r0

2.6.3-r0

2.6.3-r1

2.6.3-r2

2.6.4-r0

2.6.5-r0

2.6.5-r1

2.6.5-r2

2.6.6-r2

2.6.6-r3

2.6.6-r4

2.7.1-r0

2.7.1-r1

2.7.1-r2

2.7.1-r3

2.7.1-r4

2.7.1-r5

2.7.2-r0

2.7.2-r1

2.7.2-r2

2.7.2-r3

2.7.2-r4

2.7.3-r0

2.7.3-r1

2.7.4-r0

2.7.4-r1

2.7.4-r2

3.*

3.0.2-r0

3.0.3-r0

3.1.1-r0

3.1.2-r0

3.1.2-r1

3.1.3-r0

Alpine:v3.19 / ruby

Package

Name: ruby
Purl: pkg:apk/alpine/ruby?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.4-r0

Affected versions

1.*

1.8.7_p72-r1

1.8.7_p72-r2

1.8.7_p160-r2

1.8.7_p160-r3

1.8.7_p174-r0

1.8.7_p174-r1

1.8.7_p174-r2

1.8.7_p174-r3

1.8.7_p174-r4

1.8.7_p174-r6

1.8.7_p174-r7

1.8.7_p299-r0

1.8.7_p299-r1

1.8.7_p299-r2

1.8.7_p352-r0

1.8.7_p352-r1

1.8.7_p358-r1

1.9.3_p194-r0

1.9.3_p286-r0

1.9.3_p286-r1

1.9.3_p286-r2

1.9.3_p327-r0

1.9.3_p362-r0

1.9.3_p374-r0

1.9.3_p385-r0

1.9.3_p392-r0

2.*

2.0.0_p0-r0

2.0.0_p0-r1

2.0.0_p195-r0

2.0.0_p247-r0

2.0.0_p247-r1

2.0.0_p247-r2

2.0.0_p247-r3

2.0.0_p353-r0

2.0.0_p353-r1

2.0.0_p353-r2

2.0.0_p481-r0

2.1.5-r0

2.1.5-r1

2.2.1-r0

2.2.2-r0

2.2.2-r1

2.2.3-r0

2.2.3-r1

2.2.4-r0

2.3.1-r0

2.3.1-r1

2.3.1-r2

2.3.2-r0

2.3.3-r0

2.3.3-r1

2.3.3-r2

2.3.3-r3

2.4.0-r3

2.4.1-r1

2.4.1-r2

2.4.1-r3

2.4.1-r4

2.4.1-r5

2.4.2-r0

2.4.2-r1

2.4.3-r0

2.5.0-r0

2.5.0-r1

2.5.1-r0

2.5.1-r1

2.5.1-r2

2.5.2-r0

2.5.3-r0

2.5.3-r1

2.5.3-r2

2.5.5-r0

2.6.3-r0

2.6.3-r1

2.6.3-r2

2.6.4-r0

2.6.5-r0

2.6.5-r1

2.6.5-r2

2.6.6-r2

2.6.6-r3

2.6.6-r4

2.7.1-r0

2.7.1-r1

2.7.1-r2

2.7.1-r3

2.7.1-r4

2.7.1-r5

2.7.2-r0

2.7.2-r1

2.7.2-r2

2.7.2-r3

2.7.2-r4

2.7.3-r0

2.7.3-r1

2.7.4-r0

2.7.4-r1

2.7.4-r2

3.*

3.0.2-r0

3.0.3-r0

3.1.1-r0

3.1.2-r0

3.1.2-r1

3.1.3-r0

Alpine:v3.20 / ruby

Package

Name: ruby
Purl: pkg:apk/alpine/ruby?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.4-r0

Debian:12 / jruby

Package

Name: jruby
Purl: pkg:deb/debian/jruby?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.3.9.0+ds-8

9.4.3.0+ds-1~exp1

9.4.3.0+ds-1~exp2

9.4.5.0+ds-1~exp1

9.4.5.0+ds-1

9.4.6.0+ds-1

9.4.6.0+ds-1.1

9.4.8.0+ds-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / jruby

Package

Name: jruby
Purl: pkg:deb/debian/jruby?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.4.5.0+ds-1

Affected versions

9.*

9.3.9.0+ds-8

9.4.3.0+ds-1~exp1

9.4.3.0+ds-1~exp2

9.4.5.0+ds-1~exp1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / ruby2.7

Package

Name: ruby2.7
Purl: pkg:deb/debian/ruby2.7?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.4-1+deb11u2

Affected versions

2.*

2.7.4-1

2.7.4-1+deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ruby3.1

Package

Name: ruby3.1
Purl: pkg:deb/debian/ruby3.1?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.1.2-7

3.1.2-7+deb12u1

3.1.2-7+hurd.1

3.1.2-8

3.1.2-8.1~exp1

3.1.2-8.3

3.1.2-8.4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ruby3.1

Package

Name: ruby3.1
Purl: pkg:deb/debian/ruby3.1?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.1.2-7

3.1.2-7+hurd.1

3.1.2-8

3.1.2-8.1~exp1

3.1.2-8.3

3.1.2-8.4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/ruby/ruby

Affected ranges

Type: GIT
Repo: https://github.com/ruby/ruby
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

168ec2b1e5ad0e4688e963d9de019557c78feed9

Type: GIT
Repo: https://github.com/ruby/time
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

4cebf6de3c25321ca604d991e7a0c684268c656a

Last affected

652243ec44f7a0d04a3d4f57d241c670cf9f002e

Affected versions

v0.*

v0.1.0

v0.2.0

v0.2.1

Other

v1_0_r2

v2_7_0

v2_7_0_preview1

v2_7_0_preview2

v2_7_0_preview3

v2_7_0_rc1

v2_7_0_rc2

v2_7_1

v2_7_2

v2_7_3

v2_7_4

v2_7_5

v2_7_6

v2_7_7