CVE-2023-22799

HIGH

Rubyonrails Globalid < 1.0.1 - Denial of Service

Title source: rule

Description

A ReDoS-based DoS vulnerability in GlobalID <1.0.1 could allow an attacker supplying carefully crafted input to cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.

Scores

CVSS v3 7.5
EPSS 0.0140
EPSS Percentile 80.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-1333 CWE-400
Status published
Products (2)
rubygems/globalid 0.2.1 - 1.0.1 (RubyGems)
rubyonrails/globalid 0.2.1 - 1.0.1
Published Feb 09, 2023
Tracked Since Feb 18, 2026