FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
6bd2773c-cf1a-11ed-bd44-080027f5fec9	rubygem-time -- ReDoS vulnerability ooooooo_q reports: The Time parser mishandles invalid strings that have specific characters. It causes an increase in execution time for parsing strings to Time objects. Discovery 2023-03-30 Entry 2023-03-30 ruby >= 2.7.0,1 lt 2.7.8,1 >= 3.0.0,1 lt 3.0.6,1 >= 3.1.0,1 lt 3.1.4,1 >= 3.2.0.p1,1 lt 3.2.2,1 ruby27 >= 2.7.0,1 lt 2.7.8,1 ruby30 >= 3.0.0,1 lt 3.0.6,1 ruby31 >= 3.1.0,1 lt 3.1.4,1 ruby32 >= 3.2.0.p1,1 lt 3.2.2,1 rubygem-time < 0.2.2 CVE-2023-28756 https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/

VuXML ID

Description

6bd2773c-cf1a-11ed-bd44-080027f5fec9

rubygem-time -- ReDoS vulnerability

ooooooo_q reports:

The Time parser mishandles invalid strings that have specific characters. It causes an increase in execution time for parsing strings to Time objects.

Discovery 2023-03-30
Entry 2023-03-30
ruby

>= 2.7.0,1 lt 2.7.8,1

>= 3.0.0,1 lt 3.0.6,1

>= 3.1.0,1 lt 3.1.4,1

>= 3.2.0.p1,1 lt 3.2.2,1

ruby27

>= 2.7.0,1 lt 2.7.8,1

ruby30

>= 3.0.0,1 lt 3.0.6,1

ruby31

>= 3.1.0,1 lt 3.1.4,1

ruby32

>= 3.2.0.p1,1 lt 3.2.2,1

rubygem-time

< 0.2.2

CVE-2023-28756
https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/