OESA-2023-1100

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1100

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2023-1100.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2023-1100

Upstream

CVE-2023-22799

Published

2023-02-17T11:04:55Z

Modified

2025-08-12T05:18:18.344658Z

Summary

rubygem-globalid security update

Details

URIs for your models makes it easy to pass references around.

Security Fix(es):

A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.(CVE-2023-22799)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:20.03-LTS-SP1 / rubygem-globalid

Package

Name: rubygem-globalid
Purl: pkg:rpm/openEuler/rubygem-globalid&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.4.2-3.oe1

Ecosystem specific

{
    "noarch": [
        "rubygem-globalid-doc-0.4.2-3.oe1.noarch.rpm",
        "rubygem-globalid-0.4.2-3.oe1.noarch.rpm"
    ],
    "src": [
        "rubygem-globalid-0.4.2-3.oe1.src.rpm"
    ]
}