cvrf2cusa/cusa/r/ruby/ruby-3.0.3-131_openEuler-SA-2023-1427.json

{
  "id": "openEuler-SA-2023-1427",
  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1427",
  "title": "An update for ruby is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
  "severity": "Medium",
  "description": "Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks (such as Perl).\n\nSecurity Fix(es):\n\nA ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists becuse of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.(CVE-2023-36617)",
  "cves": [
    {
      "id": "CVE-2023-36617",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36617",
      "severity": "Medium"
    }
  ]
}
增加测试用的配置和目录 Signed-off-by: Jia Chao <jiac13@chinaunicom.cn> 2024-07-02 07:51:55 +00:00			`{`
			`"id": "openEuler-SA-2023-1427",`
			`"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1427",`
			`"title": "An update for ruby is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",`
release v0.1.2 Signed-off-by: Jia Chao <jiac13@chinaunicom.cn> 2024-08-01 02:25:22 +00:00			`"severity": "Medium",`
增加测试用的配置和目录 Signed-off-by: Jia Chao <jiac13@chinaunicom.cn> 2024-07-02 07:51:55 +00:00			"description": "Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks (such as Perl).\n\nSecurity Fix(es):\n\nA ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists becuse of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.(CVE-2023-36617)",
			`"cves": [`
			`{`
			`"id": "CVE-2023-36617",`
			`"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36617",`
release v0.1.2 Signed-off-by: Jia Chao <jiac13@chinaunicom.cn> 2024-08-01 02:25:22 +00:00			`"severity": "Medium"`
增加测试用的配置和目录 Signed-off-by: Jia Chao <jiac13@chinaunicom.cn> 2024-07-02 07:51:55 +00:00			`}`
			`]`
			`}`