发布于3月6日3月6日 Members Ubuntu: (Multiple Advisories) (CVE-2023-28756): Ruby vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 03/31/2023 Created 05/05/2023 Added 05/05/2023 Modified 01/28/2025 Description A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2. Solution(s) ubuntu-pro-upgrade-libruby2-3 ubuntu-pro-upgrade-libruby2-5 ubuntu-pro-upgrade-libruby2-7 ubuntu-pro-upgrade-libruby3-1 ubuntu-pro-upgrade-ruby2-3 ubuntu-pro-upgrade-ruby2-5 ubuntu-pro-upgrade-ruby2-7 ubuntu-pro-upgrade-ruby3-1 References https://attackerkb.com/topics/cve-2023-28756 CVE - 2023-28756 USN-6055-1 USN-6087-1 USN-6181-1
