Posted March 6

Amazon Linux AMI 2: CVE-2023-28756: Security patch for ruby (Multiple Advisories)

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 03/31/2023
Created: 06/14/2023
Added: 06/13/2023
Modified: 01/28/2025

Description

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

Solution(s)

amazon-linux-ami-2-upgrade-ruby
amazon-linux-ami-2-upgrade-ruby-debuginfo
amazon-linux-ami-2-upgrade-ruby-default-gems
amazon-linux-ami-2-upgrade-ruby-devel
amazon-linux-ami-2-upgrade-ruby-doc
amazon-linux-ami-2-upgrade-ruby-irb
amazon-linux-ami-2-upgrade-ruby-libs
amazon-linux-ami-2-upgrade-ruby-tcltk
amazon-linux-ami-2-upgrade-rubygem-bigdecimal
amazon-linux-ami-2-upgrade-rubygem-bundler
amazon-linux-ami-2-upgrade-rubygem-io-console
amazon-linux-ami-2-upgrade-rubygem-irb
amazon-linux-ami-2-upgrade-rubygem-json
amazon-linux-ami-2-upgrade-rubygem-minitest
amazon-linux-ami-2-upgrade-rubygem-power_assert
amazon-linux-ami-2-upgrade-rubygem-psych
amazon-linux-ami-2-upgrade-rubygem-rake
amazon-linux-ami-2-upgrade-rubygem-rbs
amazon-linux-ami-2-upgrade-rubygem-rdoc
amazon-linux-ami-2-upgrade-rubygem-rexml
amazon-linux-ami-2-upgrade-rubygem-rss
amazon-linux-ami-2-upgrade-rubygem-test-unit
amazon-linux-ami-2-upgrade-rubygem-typeprof
amazon-linux-ami-2-upgrade-rubygems
amazon-linux-ami-2-upgrade-rubygems-devel

References

https://attackerkb.com/topics/cve-2023-28756
AL2/ALAS-2023-2084
AL2/ALASRUBY3.0-2023-001
CVE - 2023-28756