DEBIAN-CVE-2023-28756

DEBIAN-CVE-2023-28756 PUBLISHED CVSS 5.300000190734863 MEDIUM

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

Risk Scores

CVSS 3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products

Vendor	Product	Versions
Debian:13	jruby	0, 0, 0
Debian:11	ruby2.7	0, 2.7.4-1, 0
Debian:12	ruby3.1	3.1.2-8.3, 3.1.2-8.4, 3.1.2-8.5
Debian:14	jruby	0, 0, 0
Debian:12	jruby	9.4.5.0+ds-1~exp1, 0, 9.4.12.0+ds-1~exp1

Exploit Intelligence

.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)

Timeline

Mar 31, 2023 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2023-28756 advisory

Open in Interactive Console →