An update for rubygem-activesupport is now available for openEuler-20.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2023-1130 Final 1.0 1.0 2023-02-24 Initial 2023-02-24 2023-02-24 openEuler SA Tool V1.0 2023-02-24 rubygem-activesupport security update An update for rubygem-activesupport is now available for openEuler-20.03-LTS-SP3. A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing. Security Fix(es): A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability.(CVE-2023-22796) An update for rubygem-activesupport is now available for openEuler-20.03-LTS-SP3. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High rubygem-activesupport https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1130 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-22796 https://nvd.nist.gov/vuln/detail/CVE-2023-22796 openEuler-20.03-LTS-SP3 rubygem-activesupport-5.2.4.4-1.oe1.noarch.rpm rubygem-activesupport-doc-5.2.4.4-1.oe1.noarch.rpm rubygem-activesupport-5.2.4.4-1.oe1.src.rpm A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. 2023-02-24 CVE-2023-22796 openEuler-20.03-LTS-SP3 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H rubygem-activesupport security update 2023-02-24 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1130