发布于3月6日3月6日 Members CentOS Linux: CVE-2023-28755: Moderate: ruby:2.7 security, bug fix, and enhancement update (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 03/31/2023 Created 06/28/2023 Added 06/28/2023 Modified 01/28/2025 Description A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1. Solution(s) centos-upgrade-ruby centos-upgrade-ruby-debuginfo centos-upgrade-ruby-debugsource centos-upgrade-ruby-default-gems centos-upgrade-ruby-devel centos-upgrade-ruby-doc centos-upgrade-ruby-irb centos-upgrade-ruby-libs centos-upgrade-ruby-libs-debuginfo centos-upgrade-rubygem-abrt centos-upgrade-rubygem-abrt-doc centos-upgrade-rubygem-bigdecimal centos-upgrade-rubygem-bigdecimal-debuginfo centos-upgrade-rubygem-bson centos-upgrade-rubygem-bson-debuginfo centos-upgrade-rubygem-bson-debugsource centos-upgrade-rubygem-bson-doc centos-upgrade-rubygem-bundler centos-upgrade-rubygem-bundler-doc centos-upgrade-rubygem-did_you_mean centos-upgrade-rubygem-io-console centos-upgrade-rubygem-io-console-debuginfo centos-upgrade-rubygem-irb centos-upgrade-rubygem-json centos-upgrade-rubygem-json-debuginfo centos-upgrade-rubygem-minitest centos-upgrade-rubygem-mongo centos-upgrade-rubygem-mongo-doc centos-upgrade-rubygem-mysql2 centos-upgrade-rubygem-mysql2-debuginfo centos-upgrade-rubygem-mysql2-debugsource centos-upgrade-rubygem-mysql2-doc centos-upgrade-rubygem-net-telnet centos-upgrade-rubygem-openssl centos-upgrade-rubygem-openssl-debuginfo centos-upgrade-rubygem-pg centos-upgrade-rubygem-pg-debuginfo centos-upgrade-rubygem-pg-debugsource centos-upgrade-rubygem-pg-doc centos-upgrade-rubygem-power_assert centos-upgrade-rubygem-psych centos-upgrade-rubygem-psych-debuginfo centos-upgrade-rubygem-rake centos-upgrade-rubygem-rdoc centos-upgrade-rubygem-test-unit centos-upgrade-rubygem-xmlrpc centos-upgrade-rubygems centos-upgrade-rubygems-devel References CVE-2023-28755
