Published on March 6

Amazon Linux 2023: CVE-2023-28755: Important priority package update for ruby3.2

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 03/21/2023
Created: 02/14/2025
Added: 02/14/2025
Modified: 02/14/2025

Description

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that contain specific characters, which increases the execution time of parsing strings into URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.

A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that contain specific characters, which increases the execution time of parsing strings into URI objects. This may result in a regular expression denial of service (ReDoS).

Solution(s)

amazon-linux-2023-upgrade-ruby3-2
amazon-linux-2023-upgrade-ruby3-2-bundled-gems
amazon-linux-2023-upgrade-ruby3-2-bundled-gems-debuginfo
amazon-linux-2023-upgrade-ruby3-2-debuginfo
amazon-linux-2023-upgrade-ruby3-2-debugsource
amazon-linux-2023-upgrade-ruby3-2-default-gems
amazon-linux-2023-upgrade-ruby3-2-devel
amazon-linux-2023-upgrade-ruby3-2-doc
amazon-linux-2023-upgrade-ruby3-2-libs
amazon-linux-2023-upgrade-ruby3-2-libs-debuginfo
amazon-linux-2023-upgrade-ruby3-2-rubygem-bigdecimal
amazon-linux-2023-upgrade-ruby3-2-rubygem-bigdecimal-debuginfo
amazon-linux-2023-upgrade-ruby3-2-rubygem-bundler
amazon-linux-2023-upgrade-ruby3-2-rubygem-io-console
amazon-linux-2023-upgrade-ruby3-2-rubygem-io-console-debuginfo
amazon-linux-2023-upgrade-ruby3-2-rubygem-irb
amazon-linux-2023-upgrade-ruby3-2-rubygem-json
amazon-linux-2023-upgrade-ruby3-2-rubygem-json-debuginfo
amazon-linux-2023-upgrade-ruby3-2-rubygem-minitest
amazon-linux-2023-upgrade-ruby3-2-rubygem-power-assert
amazon-linux-2023-upgrade-ruby3-2-rubygem-psych
amazon-linux-2023-upgrade-ruby3-2-rubygem-psych-debuginfo
amazon-linux-2023-upgrade-ruby3-2-rubygem-rake
amazon-linux-2023-upgrade-ruby3-2-rubygem-rbs
amazon-linux-2023-upgrade-ruby3-2-rubygem-rbs-debuginfo
amazon-linux-2023-upgrade-ruby3-2-rubygem-rdoc
amazon-linux-2023-upgrade-ruby3-2-rubygem-rexml
amazon-linux-2023-upgrade-ruby3-2-rubygem-rss
amazon-linux-2023-upgrade-ruby3-2-rubygems
amazon-linux-2023-upgrade-ruby3-2-rubygems-devel
amazon-linux-2023-upgrade-ruby3-2-rubygem-test-unit
amazon-linux-2023-upgrade-ruby3-2-rubygem-typeprof

References

https://attackerkb.com/topics/cve-2023-28755
CVE-2023-28755
https://alas.aws.amazon.com/AL2023/ALAS-2023-158.html
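The fixed versions above are spread over several release lines (0.12.1, 0.11.1, 0.10.2 and the point fix 0.10.0.1), so a plain "is it below 0.12.1?" check misclassifies the backports. The Ruby below is an added example, not code from the advisory or from the uri gem; it encodes exactly those four fixed versions as branch-aware floors, with the one assumption that release lines older than 0.10 (which received no backport) are treated as affected, and reports on the uri gem loaded into the running interpreter.

```ruby
# Added example (not from the advisory): classify an installed `uri` gem version
# against CVE-2023-28755 using only the fixed versions the advisory lists:
# 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.
require "rubygems"   # Gem::Version handles multi-segment version ordering
require "uri"        # the uri gem defines URI::VERSION (Ruby 2.7+ / uri 0.10.0+)

# First fixed version on each release line that received a backport, keyed by
# the line's first two segments. Assumption: lines with no entry here (pre-0.10)
# never got a fix and are reported as affected.
FIXED_ON_LINE = {
  [0, 12] => Gem::Version.new("0.12.1"),
  [0, 11] => Gem::Version.new("0.11.1"),
  [0, 10] => Gem::Version.new("0.10.2"),
}.freeze

# 0.10.0.1 patches 0.10.0 specifically. It sorts below 0.10.1, which is still
# affected, so it must be treated as a point fix rather than a floor.
POINT_FIX     = Gem::Version.new("0.10.0.1")
POINT_FIX_END = Gem::Version.new("0.10.1")
LAST_AFFECTED = Gem::Version.new("0.12.0")

# Returns true when the given uri gem version is inside the affected range.
def uri_gem_vulnerable?(version_string)
  v = Gem::Version.new(version_string)
  return false if v > LAST_AFFECTED            # 0.12.1 and every newer line

  floor = FIXED_ON_LINE[v.segments.first(2)]
  return true if floor.nil?                    # old line, no backport available
  return false if v >= floor                   # at or above this line's backport
  return false if v >= POINT_FIX && v < POINT_FIX_END   # 0.10.0.1 point fix
  true
end

# Inspect the uri gem actually loaded in this interpreter. Returns a hash so the
# result can be asserted on or fed into an inventory job rather than only printed.
def local_uri_report
  version = defined?(URI::VERSION) ? URI::VERSION : nil
  return { version: "unknown", vulnerable: nil } if version.nil?
  { version: version, vulnerable: uri_gem_vulnerable?(version) }
end

if __FILE__ == $PROGRAM_NAME
  r = local_uri_report
  status = case r[:vulnerable]
           when true  then "AFFECTED by CVE-2023-28755, upgrade the package"
           when false then "not affected"
           else "version could not be determined"
           end
  puts "uri #{r[:version]}: #{status}"
end
```

Run it under each Ruby interpreter you ship (`ruby check_uri.rb`), or call `uri_gem_vulnerable?` with versions pulled from a Gemfile.lock or an RPM manifest; on Amazon Linux 2023 the authoritative fix remains the ruby3.2 package update listed above, and this check only tells you which hosts still need it.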