GHSA-fg7x-g82r-94qc

Source

https://github.com/advisories/GHSA-fg7x-g82r-94qc

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-fg7x-g82r-94qc/GHSA-fg7x-g82r-94qc.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-fg7x-g82r-94qc

Aliases

Related

Published

2023-03-31T06:30:15Z

Modified

2025-01-27T08:58:50.093223Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Ruby Time component ReDoS issue

Details

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

Database specific

{
    "nvd_published_at": "2023-03-31T04:15:00Z",
    "cwe_ids": [
        "CWE-1333"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-03-31T22:43:54Z"
}

References

Affected packages

RubyGems / time

Package

Name: time
Purl: pkg:gem/time

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.2.0

Fixed

0.2.2

Affected versions

0.*

0.2.0

0.2.1

RubyGems / time

Package

Name: time
Purl: pkg:gem/time

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.1.1

Affected versions

0.*

0.1.0