发布时间: 2023年4月14日
修改时间: 2024年10月31日
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | None | None |
| Attack Vector | Network | Network |
| CVSS评分 | 5.3 | 7.5 |
| Attack Complexity | Low | Low |
| Privileges Required | None | None |
| Scope | Unchanged | Unchanged |
| Integrity | None | None |
| User Interaction | None | None |
| Availability | Low | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2023-1839 | ruby security update | 2023年4月14日 |
| KylinSec-SA-2024-1067 | jruby security update | 2024年2月2日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | ruby | Fixed |
| KY3.4-5A | ruby | Fixed |
| KY3.5.2 | ruby | Fixed |
| KY3.5.1 | ruby | Fixed |
