FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-11 14:10:47 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
9b60bba1-cf18-11ed-bd44-080027f5fec9rubygem-uri -- ReDoS vulnerability

Dominic Couture reports:

A ReDoS issue was discovered in the URI component. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects.


Discovery 2023-03-28
Entry 2023-03-30
ruby
>= 2.7.0,1 lt 2.7.8,1

>= 3.0.0,1 lt 3.0.6,1

>= 3.1.0,1 lt 3.1.4,1

>= 3.2.0.p1,1 lt 3.2.2,1

ruby27
>= 2.7.0,1 lt 2.7.8,1

ruby30
>= 3.0.0,1 lt 3.0.6,1

ruby31
>= 3.1.0,1 lt 3.1.4,1

ruby32
>= 3.2.0.p1,1 lt 3.2.2,1

rubygem-uri
< 0.12.1

CVE-2023-28755
https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/
6bd2773c-cf1a-11ed-bd44-080027f5fec9rubygem-time -- ReDoS vulnerability

ooooooo_q reports:

The Time parser mishandles invalid strings that have specific characters. It causes an increase in execution time for parsing strings to Time objects.


Discovery 2023-03-30
Entry 2023-03-30
ruby
>= 2.7.0,1 lt 2.7.8,1

>= 3.0.0,1 lt 3.0.6,1

>= 3.1.0,1 lt 3.1.4,1

>= 3.2.0.p1,1 lt 3.2.2,1

ruby27
>= 2.7.0,1 lt 2.7.8,1

ruby30
>= 3.0.0,1 lt 3.0.6,1

ruby31
>= 3.1.0,1 lt 3.1.4,1

ruby32
>= 3.2.0.p1,1 lt 3.2.2,1

rubygem-time
< 0.2.2

CVE-2023-28756
https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/