OESA-2023-1102

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1102

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2023-1102.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2023-1102

Upstream

CVE-2023-22799

Published

2023-02-17T11:04:55Z

Modified

2025-08-12T05:18:19.516206Z

Summary

rubygem-globalid security update

Details

URIs for your models makes it easy to pass references around.

Security Fix(es):

A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.(CVE-2023-22799)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:22.03-LTS / rubygem-globalid

Package

Name: rubygem-globalid
Purl: pkg:rpm/openEuler/rubygem-globalid&distro=openEuler-22.03-LTS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.4.2-4.oe2203

Ecosystem specific

{
    "noarch": [
        "rubygem-globalid-0.4.2-4.oe2203.noarch.rpm",
        "rubygem-globalid-doc-0.4.2-4.oe2203.noarch.rpm"
    ],
    "src": [
        "rubygem-globalid-0.4.2-4.oe2203.src.rpm"
    ]
}