Inefficient Regular Expression Complexity
CVE-2023-36617
Summary
A ReDoS issue was discovered in the URI component for Ruby in versions 0.10.0, 0.10.0.1, 0.10.0.2, 0.10.1, 0.10.2, 0.11.0, 0.11.1, 0.12.0, and 0.12.1. The URI parser mishandles invalid URLs that contain specific characters, so parsing such strings into URI objects with "rfc2396_parser.rb" and "rfc3986_parser.rb" takes markedly longer than it should.
CVSS v3 base metrics (the page lists only the values; the metric names below are inferred from the standard CVSS v3 vector):
- Attack Complexity: LOW
- Attack Vector: NETWORK
- Privileges Required: NONE
- Scope: UNCHANGED
- User Interaction: NONE
- Confidentiality: NONE
- Integrity: NONE
- Availability: LOW
CWE-1333 - Inefficient Regular Expression Complexity
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
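As an added check and mitigation (this is example code written for this page, not code from the advisory or from the uri gem), the Ruby snippet below matches a uri gem version string against the affected versions listed above and wraps URI.parse so that overlong or slow-to-parse untrusted input is rejected before it can consume a worker's CPU time. The helper names, the UriInputError class, and the default length and time limits are assumptions chosen for this example.

```ruby
require 'uri'
require 'timeout'

# Affected uri gem versions, copied from the advisory text above.
AFFECTED_URI_VERSIONS = %w[
  0.10.0 0.10.0.1 0.10.0.2 0.10.1 0.10.2 0.11.0 0.11.1 0.12.0 0.12.1
].map { |v| Gem::Version.new(v) }.freeze

# True when the given uri gem version string appears on the advisory's affected list.
def affected_uri_version?(version_string)
  AFFECTED_URI_VERSIONS.include?(Gem::Version.new(version_string))
end

# Version string of the uri library loaded in this process, or nil when the
# loaded copy predates the gem's URI::VERSION constant.
def installed_uri_version
  defined?(URI::VERSION) ? URI::VERSION : nil
end

# Raised for input rejected by the defensive wrapper (assumed name, not part of the uri gem).
class UriInputError < StandardError; end

# Defensive wrapper around URI.parse for untrusted input: reject overlong strings
# before they reach the regex-based parser, then bound parsing time so a
# pathological string cannot pin a worker thread. The default limits are
# assumptions for this example; tune them to the URLs your service accepts.
def safe_parse_uri(str, max_length: 2048, timeout_s: 1.0)
  raise UriInputError, 'input is not a String' unless str.is_a?(String)
  raise UriInputError, "input exceeds #{max_length} bytes" if str.bytesize > max_length

  Timeout.timeout(timeout_s, UriInputError, "URI.parse exceeded #{timeout_s}s") do
    URI.parse(str)
  end
rescue URI::InvalidURIError => e
  # Malformed input is rejected cleanly rather than propagating the parser's own error.
  raise UriInputError, "invalid URI: #{e.message}"
end

# Wall-clock milliseconds spent parsing str; useful for regression-testing parse
# latency against URLs your application has actually received.
def parse_duration_ms(str)
  start = Process.clock_gettime(Process::CLOCK_MONOTONIC)
  begin
    URI.parse(str)
  rescue URI::InvalidURIError
    # The timing of rejected input is what matters here, so the parse error is swallowed.
  end
  ((Process.clock_gettime(Process::CLOCK_MONOTONIC) - start) * 1000.0).round(3)
end

if __FILE__ == $PROGRAM_NAME
  v = installed_uri_version
  status = v && affected_uri_version?(v) ? 'AFFECTED' : 'not on the affected list'
  puts "uri #{v.inspect}: #{status}"
  puts safe_parse_uri('https://example.com/path?q=1').host
  puts "#{parse_duration_ms('https://example.com/path?q=1')} ms"
end
```

The length cap runs first because it is cheap and removes most of the room a backtracking regex has to blow up; the Timeout bound is the backstop for input that is short but still pathological. On Ruby 3.2 and later, Regexp.timeout= gives a process-wide bound on regex matching itself and is a more precise alternative to Timeout for this class of issue.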
Advisory Timeline
- Published