Home > Vulnerability Database > CVE-2023-22799

Mend.io Vulnerability Database

CVE-2023-22799

Good to know:

Date: February 8, 2023

A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.

Language: Ruby

Severity Score

7.5

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-22799

Url: https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127

Url: https://github.com/rails/globalid

Url: https://github.com/rails/globalid/commit/4a75ecbfd73a8e92e32a1723b81a17e3136bd8fc

Url: https://github.com/rails/globalid/releases/tag/v1.0.1

Url: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/globalid/CVE-2023-22799.yml

Url: https://www.mend.io/vulnerability-database/CVE-2023-22799

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

Inefficient Regular Expression Complexity

CWE-1333

Top Fix

Upgrade Version

Upgrade to version globalid - 1.0.1

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-22799

Good to know:

Date: February 8, 2023

Language: Ruby

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?