Ruby-lang URI 0.10.0 for Ruby

CPE Details

Ruby-lang URI 0.10.0 for Ruby
ruby-lang
uri
0.10.0
2023-04-07
11h15 +00:00
2023-04-07
12h24 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:ruby-lang:uri:0.10.0:*:*:*:*:ruby:*:*

Informations

Vendor

ruby-lang

Product

uri

Version

0.10.0

Target Software

ruby

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-36617 2023-06-28 22h00 +00:00 A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists becuse of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.
5.3
Medium
CVE-2023-28755 2023-03-31 00h00 +00:00 A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
5.3
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.