CVE-2023-22799
HIGH
GlobalID < 1.0.1 - Denial of Service via Inefficient Regular Expression Complexity
Title source: llm
Description
A ReDoS-based DoS vulnerability in GlobalID < 1.0.1 could allow an attacker supplying carefully crafted input to cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.
Scores
CVSS v3
7.5
EPSS
0.0105
EPSS Percentile
59.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-1333
CWE-400
Status
published
Products (2)
rubygems/globalid
0.2.1 - 1.0.1
RubyGems
rubyonrails/globalid
0.2.1 - 1.0.1
Published
Feb 09, 2023
Tracked Since
Feb 18, 2026