A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
History

Wed, 27 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-03-31T00:00:00

Updated: 2024-11-27T14:53:22.202Z

Reserved: 2023-03-23T00:00:00

Link: CVE-2023-28756

cve-icon Vulnrichment

Updated: 2024-08-02T13:51:37.879Z

cve-icon NVD

Status : Modified

Published: 2023-03-31T04:15:09.090

Modified: 2024-11-21T07:55:56.653

Link: CVE-2023-28756

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-03-21T00:00:00Z

Links: CVE-2023-28756 - Bugzilla