Launchpad CVE tracker

CVE 2023-28755

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.

Related bugs and status

CVE-2023-28755 (Candidate) is related to these bugs:

Bug #2018547: puppet can no longer find puppet:// resources after ruby2.7 CVE Update

Summary				In	Importance	Status
	2018547	puppet can no longer find puppet:// resources after ruby2.7 CVE Update		puppet (Ubuntu)	Undecided	Invalid
	2018547	puppet can no longer find puppet:// resources after ruby2.7 CVE Update		ruby2.7 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://www.ruby-lang....
MISC: https://github.com/rub...
MISC: https://www.ruby-lang....
MISC: https://www.ruby-lang....
FEDORA: FEDORA-2023-6b924d3b75
FEDORA: FEDORA-2023-a7be7ea1aa
FEDORA: FEDORA-2023-f58d72c700
MLIST: [debian-lts-announce] ...
CONFIRM: https://security.netap...
GENTOO: GLSA-202401-27

Launchpad.net

CVE 2023-28755

Related bugs and status

Related bugs

References