发布于3月6日3月6日 Members FreeBSD: VID-9B60BBA1-CF18-11ED-BD44-080027F5FEC9 (CVE-2023-28755): rubygem-uri -- ReDoS vulnerability Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 03/28/2023 Created 04/04/2023 Added 04/01/2023 Modified 01/28/2025 Description A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1. Solution(s) freebsd-upgrade-package-ruby freebsd-upgrade-package-ruby27 freebsd-upgrade-package-ruby30 freebsd-upgrade-package-ruby31 freebsd-upgrade-package-ruby32 freebsd-upgrade-package-rubygem-uri References CVE-2023-28755
