Posted on March 6

Alma Linux: CVE-2023-28755: Moderate: ruby:2.7 security, bug fix, and enhancement update (Multiple Advisories)

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 03/31/2023
Created: 07/04/2023
Added: 07/04/2023
Modified: 01/28/2025

Description

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.

Solution(s)

alma-upgrade-ruby
alma-upgrade-ruby-bundled-gems
alma-upgrade-ruby-default-gems
alma-upgrade-ruby-devel
alma-upgrade-ruby-doc
alma-upgrade-ruby-irb
alma-upgrade-ruby-libs
alma-upgrade-rubygem-abrt
alma-upgrade-rubygem-abrt-doc
alma-upgrade-rubygem-bigdecimal
alma-upgrade-rubygem-bson
alma-upgrade-rubygem-bson-doc
alma-upgrade-rubygem-bundler
alma-upgrade-rubygem-bundler-doc
alma-upgrade-rubygem-did_you_mean
alma-upgrade-rubygem-io-console
alma-upgrade-rubygem-irb
alma-upgrade-rubygem-json
alma-upgrade-rubygem-minitest
alma-upgrade-rubygem-mongo
alma-upgrade-rubygem-mongo-doc
alma-upgrade-rubygem-mysql2
alma-upgrade-rubygem-mysql2-doc
alma-upgrade-rubygem-net-telnet
alma-upgrade-rubygem-openssl
alma-upgrade-rubygem-pg
alma-upgrade-rubygem-pg-doc
alma-upgrade-rubygem-power_assert
alma-upgrade-rubygem-psych
alma-upgrade-rubygem-rake
alma-upgrade-rubygem-rbs
alma-upgrade-rubygem-rdoc
alma-upgrade-rubygem-rexml
alma-upgrade-rubygem-rss
alma-upgrade-rubygem-test-unit
alma-upgrade-rubygem-typeprof
alma-upgrade-rubygem-xmlrpc
alma-upgrade-rubygems
alma-upgrade-rubygems-devel

References

https://attackerkb.com/topics/cve-2023-28755
CVE-2023-28755
https://errata.almalinux.org/8/ALSA-2023-3821.html
https://errata.almalinux.org/8/ALSA-2023-7025.html
https://errata.almalinux.org/8/ALSA-2024-1431.html
https://errata.almalinux.org/8/ALSA-2024-3500.html
https://errata.almalinux.org/9/ALSA-2024-1576.html
https://errata.almalinux.org/9/ALSA-2024-3838.html