Description

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

Remediation

References

CVE-2023-28756

Related Vulnerabilities

Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-7936)

WordPress Plugin Booking Calendar-Appointment Booking-BookIt Unspecified Vulnerability (2.3.8)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-1365)

WordPress Plugin Contact Bank-Contact Form Builder for WordPress Cross-Site Scripting (2.0.225)

WordPress Plugin All in One SEO-Best WordPress SEO-Easily Improve SEO Rankings & Increase Traffic Multiple Cross-Site Scripting Vulnerabilities (4.2.9)

Severity

High

Classification

CVE-2023-28756 CWE-1333 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities