{"api_version":"1","generated_at":"2026-04-22T19:36:33+00:00","cve":"CVE-2023-22799","urls":{"html":"https://cve.report/CVE-2023-22799","api":"https://cve.report/api/cve/CVE-2023-22799.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-22799","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-22799"},"summary":{"title":"CVE-2023-22799","description":"A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.","state":"PUBLIC","assigner":"support@hackerone.com","published_at":"2023-02-09 20:15:00","updated_at":"2023-02-16 20:18:00"},"problem_types":["CWE-1333"],"metrics":[],"references":[{"url":"https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127","name":"https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127","refsource":"MISC","tags":[],"title":"[CVE-2023-22799] Possible ReDoS based DoS vulnerability in GlobalID - Security Announcements - Ruby on Rails Discussions","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-22799","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22799","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"22799","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"rubyonrails","cpe5":"globalid","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"ruby","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-22799","qid":"182421","title":"Debian Security Update for ruby-globalid (CVE-2023-22799)"},{"cve":"CVE-2023-22799","qid":"242347","title":"Red Hat Update for Satellite 6.14 (RHSA-2023:6818)"},{"cve":"CVE-2023-22799","qid":"753651","title":"SUSE Enterprise Linux Security Update for rubygem-globalid (SUSE-SU-2023:0328-1)"},{"cve":"CVE-2023-22799","qid":"961065","title":"Rocky Linux Security Update for Satellite (RLSA-2023:6818)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2023-22799","ASSIGNER":"support@hackerone.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"https://github.com/rails/globalid","version":{"version_data":[{"version_value":"1.0.1"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Denial of Service (CWE-400)"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127","url":"https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127"}]},"description":{"description_data":[{"lang":"eng","value":"A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately."}]}},"nvd":{"publishedDate":"2023-02-09 20:15:00","lastModifiedDate":"2023-02-16 20:18:00","problem_types":["CWE-1333"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:rubyonrails:globalid:*:*:*:*:*:ruby:*:*","versionStartIncluding":"0.2.1","versionEndExcluding":"1.0.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}