Bugzilla – Bug 1207587
VUL-0: CVE-2023-22799: rubygem-globalid: ReDoS vulnerability
Last modified: 2024-05-03 10:42:12 UTC
rh#2164730

There is a possible DoS vulnerability in the model name parsing section of the GlobalID gem. Carefully crafted input can cause the regular expression engine to take an unexpected amount of time.

Upstream fix:
https://github.com/rails/globalid/commit/3bc4349422e60f2235876a59dd415e98b072eb2b

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2164730
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22799
Affected:
- SUSE:SLE-12:Update
- SUSE:SLE-15:Update
- openSUSE:Factory
Packages submitted: 15,12/rubygem-globalid. The change is in rubygem-globalid devel project already (upstream version update).
SUSE-SU-2023:0328-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1207587
CVE References: CVE-2023-22799
JIRA References:
Sources used:
- openSUSE Leap 15.4 (src): rubygem-globalid-0.4.1-150000.3.3.1
- SUSE Linux Enterprise High Availability 15-SP4 (src): rubygem-globalid-0.4.1-150000.3.3.1
- SUSE Linux Enterprise High Availability 15-SP3 (src): rubygem-globalid-0.4.1-150000.3.3.1
- SUSE Linux Enterprise High Availability 15-SP2 (src): rubygem-globalid-0.4.1-150000.3.3.1
- SUSE Linux Enterprise High Availability 15-SP1 (src): rubygem-globalid-0.4.1-150000.3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done, closing