ReDoS in Ruby Time component <0.2.2 causes high CPU on URL parsing
CVE-2023-28756 Published on March 31, 2023

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2023-28756

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-28756 are published in these products:

Ruby Programming Language Time

Ruby Programming Language Ruby Language

Canonical Ubuntu Linux

Debian Linux

Fedora Project Fedora

Exploit Probability

EPSS

0.85%

Percentile

74.67%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

ReDoS in Ruby Time component <0.2.2 causes high CPU on URL parsingCVE-2023-28756 Published on March 31, 2023

Products Associated with CVE-2023-28756

Exploit Probability

ReDoS in Ruby Time component <0.2.2 causes high CPU on URL parsing
CVE-2023-28756 Published on March 31, 2023