发布于3月6日3月6日 Members Red Hat: CVE-2023-28756: ReDoS vulnerability in Time (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 03/31/2023 Created 06/28/2023 Added 06/28/2023 Modified 02/10/2025 Description A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2. Solution(s) redhat-upgrade-ruby redhat-upgrade-ruby-bundled-gems redhat-upgrade-ruby-bundled-gems-debuginfo redhat-upgrade-ruby-debuginfo redhat-upgrade-ruby-debugsource redhat-upgrade-ruby-default-gems redhat-upgrade-ruby-devel redhat-upgrade-ruby-doc redhat-upgrade-ruby-irb redhat-upgrade-ruby-libs redhat-upgrade-ruby-libs-debuginfo redhat-upgrade-rubygem-abrt redhat-upgrade-rubygem-abrt-doc redhat-upgrade-rubygem-bigdecimal redhat-upgrade-rubygem-bigdecimal-debuginfo redhat-upgrade-rubygem-bson redhat-upgrade-rubygem-bson-debuginfo redhat-upgrade-rubygem-bson-debugsource redhat-upgrade-rubygem-bson-doc redhat-upgrade-rubygem-bundler redhat-upgrade-rubygem-bundler-doc redhat-upgrade-rubygem-did_you_mean redhat-upgrade-rubygem-io-console redhat-upgrade-rubygem-io-console-debuginfo redhat-upgrade-rubygem-irb redhat-upgrade-rubygem-json redhat-upgrade-rubygem-json-debuginfo redhat-upgrade-rubygem-minitest redhat-upgrade-rubygem-mongo redhat-upgrade-rubygem-mongo-doc redhat-upgrade-rubygem-mysql2 redhat-upgrade-rubygem-mysql2-debuginfo redhat-upgrade-rubygem-mysql2-debugsource redhat-upgrade-rubygem-mysql2-doc redhat-upgrade-rubygem-net-telnet redhat-upgrade-rubygem-openssl redhat-upgrade-rubygem-openssl-debuginfo redhat-upgrade-rubygem-pg redhat-upgrade-rubygem-pg-debuginfo redhat-upgrade-rubygem-pg-debugsource redhat-upgrade-rubygem-pg-doc redhat-upgrade-rubygem-power_assert redhat-upgrade-rubygem-psych redhat-upgrade-rubygem-psych-debuginfo redhat-upgrade-rubygem-rake redhat-upgrade-rubygem-rbs redhat-upgrade-rubygem-rbs-debuginfo redhat-upgrade-rubygem-rdoc redhat-upgrade-rubygem-rexml redhat-upgrade-rubygem-rss redhat-upgrade-rubygem-test-unit redhat-upgrade-rubygem-typeprof redhat-upgrade-rubygem-xmlrpc redhat-upgrade-rubygems redhat-upgrade-rubygems-devel References CVE-2023-28756 RHSA-2023:3821 RHSA-2023:7025 RHSA-2024:1431 RHSA-2024:1576 RHSA-2024:3500 RHSA-2024:3838 View more
