Home > Vulnerability Database > CVE-2023-22799

Mend.io Vulnerability Database

CVE-2023-22799

Good to know:

Date: February 9, 2023

A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.

Language: Ruby

Severity Score

7.5

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-22799

Url: https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127

Url: https://github.com/rails/globalid/commit/3bc4349422e60f2235876a59dd415e98b072eb2b

Url: https://security-tracker.debian.org/tracker/CVE-2023-22799

Url: https://github.com/advisories/GHSA-23c2-gwp5-pxw9

Url: https://www.mend.io/vulnerability-database/CVE-2023-22799

Severity Score

7.5

Weakness Type (CWE)

Inefficient Regular Expression Complexity

CWE-1333

Top Fix

Upgrade Version

Upgrade to version globalid - 1.0.1

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-22799

Good to know:

Date: February 9, 2023

Language: Ruby

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?