QID 356299
Date Published: 2023-09-28
QID 356299: Amazon Linux Security Advisory for ruby : ALASRUBY3.0-2023-001
A redos issue was discovered in the uri component through 0.12.0 in ruby through 3.2.1.
The uri parser mishandles invalid urls that have specific characters.
It causes an increase in execution time for parsing strings to uri objects.
The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1. (
( CVE-2023-28755) a redos issue was discovered in the time component through 0.2.1 in ruby through 3.2.1.
The time parser mishandles invalid urls that have specific characters.
It causes an increase in execution time for parsing strings to time objects.
The fixed versions are 0.1.1 and 0.2.2. (
( CVE-2023-28756)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALASRUBY3.0-2023-001 for affected packages and patching details, or update with your package manager.
Vendor References
- ALASRUBY3.0-2023-001 -
alas.aws.amazon.com/AL2/ALASRUBY3.0-2023-001.html
CVEs related to QID 356299
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALASRUBY3.0-2023-001 | amazon linux 2 |
alas.aws.amazon.com/AL2/ALASRUBY3.0-2023-001.html |