CVE-2023-22799

HIGH

Rubyonrails Globalid < 1.0.1 - Denial of Service

Title source: rule

Description

A ReDoS-based denial-of-service vulnerability in GlobalID versions before 1.0.1. An attacker who supplies carefully crafted input can cause the regular expression engine to take an unexpected amount of time to process it. All users running an affected release should either upgrade or apply one of the workarounds immediately.

Scores

CVSS v3 7.5
EPSS 0.0163
EPSS Percentile 81.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE
CWE-1333, CWE-400
Status published

Affected Products (2)

rubyonrails/globalid < 1.0.1
rubygems/globalid < 1.0.1 (RubyGems)

Timeline

Published Feb 09, 2023
Tracked Since Feb 18, 2026