{"uuid": "5cec979d-5425-4b51-ad06-43b555952c0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28755", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4510", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-28755\n\ud83d\udd25 CVSS Score: 7.5 (CVSS_V3)\n\ud83d\udd39 Description: A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.\n\ud83d\udccf Published: 2023-03-31T06:30:15Z\n\ud83d\udccf Modified: 2025-02-14T22:15:24Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-28755\n2. https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755\n3. https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released\n4. https://www.ruby-lang.org/en/downloads/releases\n5. https://security.netapp.com/advisory/ntap-20230526-0003\n6. https://security.gentoo.org/glsa/202401-27\n7. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z\n8. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T\n9. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA\n10. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z\n11. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QA6XUKUY7B5OLNQBLHOT43UW7C5NIOQQ\n12. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T\n13. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA\n14. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27LUWREIFTP3MQAW7QE4PJM4DPAQJWXF\n15. https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html\n16. https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2023-28755.yml\n17. https://github.com/ruby/uri/releases\n18. https://github.com/ruby/uri", "creation_timestamp": "2025-02-14T23:10:47.000000Z"}