Alma Linux: CVE-2023-28756: Moderate: ruby:2.7 security, bug fix, and enhancement update (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Mar 31, 2023 | Jul 4, 2023 | Apr 20, 2026 |
Description
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
Solutions
- alma-upgrade-ruby
- alma-upgrade-ruby-bundled-gems
- alma-upgrade-ruby-default-gems
- alma-upgrade-ruby-devel
- alma-upgrade-ruby-doc
- alma-upgrade-ruby-irb
- alma-upgrade-ruby-libs
- alma-upgrade-rubygem-abrt
- alma-upgrade-rubygem-abrt-doc
- alma-upgrade-rubygem-bigdecimal
- alma-upgrade-rubygem-bson
- alma-upgrade-rubygem-bson-doc
- alma-upgrade-rubygem-bundler
- alma-upgrade-rubygem-bundler-doc
- alma-upgrade-rubygem-did_you_mean
- alma-upgrade-rubygem-io-console
- alma-upgrade-rubygem-irb
- alma-upgrade-rubygem-json
- alma-upgrade-rubygem-minitest
- alma-upgrade-rubygem-mongo
- alma-upgrade-rubygem-mongo-doc
- alma-upgrade-rubygem-mysql2
- alma-upgrade-rubygem-mysql2-doc
- alma-upgrade-rubygem-net-telnet
- alma-upgrade-rubygem-openssl
- alma-upgrade-rubygem-pg
- alma-upgrade-rubygem-pg-doc
- alma-upgrade-rubygem-power_assert
- alma-upgrade-rubygem-psych
- alma-upgrade-rubygem-rake
- alma-upgrade-rubygem-rbs
- alma-upgrade-rubygem-rdoc
- alma-upgrade-rubygem-rexml
- alma-upgrade-rubygem-rss
- alma-upgrade-rubygem-test-unit
- alma-upgrade-rubygem-typeprof
- alma-upgrade-rubygem-xmlrpc
- alma-upgrade-rubygems
- alma-upgrade-rubygems-devel
References
- CVE-2023-28756
- https://attackerkb.com/topics/CVE-2023-28756
- CWE-1333
- EUVD-EUVD-2023-0999
- https://errata.almalinux.org/8/ALSA-2023-3821.html
- https://errata.almalinux.org/8/ALSA-2023-7025.html
- https://errata.almalinux.org/8/ALSA-2024-1431.html
- https://errata.almalinux.org/8/ALSA-2024-3500.html
- https://errata.almalinux.org/9/ALSA-2024-1576.html
- https://errata.almalinux.org/9/ALSA-2024-3838.html
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-0999