vulnerability
Amazon Linux 2023: CVE-2023-36617: Medium priority package update for ruby3.2
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Jun 29, 2023 | Feb 17, 2025 | Feb 17, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Jun 29, 2023
Added
Feb 17, 2025
Modified
Feb 17, 2025
Description
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists becuse of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.
A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This issue may result in a regular expression denial of service (ReDoS).
A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This issue may result in a regular expression denial of service (ReDoS).
Solution(s)
amazon-linux-2023-upgrade-ruby3-2amazon-linux-2023-upgrade-ruby3-2-bundled-gemsamazon-linux-2023-upgrade-ruby3-2-bundled-gems-debuginfoamazon-linux-2023-upgrade-ruby3-2-debuginfoamazon-linux-2023-upgrade-ruby3-2-debugsourceamazon-linux-2023-upgrade-ruby3-2-default-gemsamazon-linux-2023-upgrade-ruby3-2-develamazon-linux-2023-upgrade-ruby3-2-docamazon-linux-2023-upgrade-ruby3-2-libsamazon-linux-2023-upgrade-ruby3-2-libs-debuginfoamazon-linux-2023-upgrade-ruby3-2-rubygem-bigdecimalamazon-linux-2023-upgrade-ruby3-2-rubygem-bigdecimal-debuginfoamazon-linux-2023-upgrade-ruby3-2-rubygem-bundleramazon-linux-2023-upgrade-ruby3-2-rubygem-io-consoleamazon-linux-2023-upgrade-ruby3-2-rubygem-io-console-debuginfoamazon-linux-2023-upgrade-ruby3-2-rubygem-irbamazon-linux-2023-upgrade-ruby3-2-rubygem-jsonamazon-linux-2023-upgrade-ruby3-2-rubygem-json-debuginfoamazon-linux-2023-upgrade-ruby3-2-rubygem-minitestamazon-linux-2023-upgrade-ruby3-2-rubygem-power-assertamazon-linux-2023-upgrade-ruby3-2-rubygem-psychamazon-linux-2023-upgrade-ruby3-2-rubygem-psych-debuginfoamazon-linux-2023-upgrade-ruby3-2-rubygem-rakeamazon-linux-2023-upgrade-ruby3-2-rubygem-rbsamazon-linux-2023-upgrade-ruby3-2-rubygem-rbs-debuginfoamazon-linux-2023-upgrade-ruby3-2-rubygem-rdocamazon-linux-2023-upgrade-ruby3-2-rubygem-rexmlamazon-linux-2023-upgrade-ruby3-2-rubygem-rssamazon-linux-2023-upgrade-ruby3-2-rubygemsamazon-linux-2023-upgrade-ruby3-2-rubygems-develamazon-linux-2023-upgrade-ruby3-2-rubygem-test-unitamazon-linux-2023-upgrade-ruby3-2-rubygem-typeprof
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.