A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists because of.....
5.3 CVSS
5.8 AI Score
0.002 EPSS
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and...
5.3 CVSS
5.9 AI Score
0.002 EPSS
lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 authority-regex allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri and return the wrong authority. This issue is similar to but distinct from CVE-2020-8910. The regex in question....
6.1 CVSS
5.9 AI Score
0.001 EPSS
A flaw (CVE-2022-38900) was discovered in one of Kibana's third-party dependencies that could allow an authenticated user to perform a request that crashes the Kibana server...
6.5 CVSS
6.5 AI Score
0.003 EPSS
decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in...
7.5 CVSS
6.7 AI Score
0.003 EPSS
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package, when an attacker is able to supply arbitrary input to the "URI.expand"...
7.5 CVSS
7.5 AI Score
0.001 EPSS
uri-js is a module that tries to fully implement RFC 3986. One of these features is validating whether or not a supplied URL is valid. To do this, uri-js uses a regular expression. This regular expression is vulnerable to ReDoS. This causes the program to hang and the CPU to idle at 100%...
6.5 CVSS
6.3 AI Score
0.001 EPSS
The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing "openuri-" followed by a crafted UID, and putting Ruby code in said directory once a meta file is...
7.8 CVSS
7.7 AI Score
0.0004 EPSS