14 lines
1.1 KiB
JSON
{
  "id": "openEuler-SA-2024-1121",
  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1121",
  "title": "An update for jruby is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
  "severity": "Medium",
  "description": "JRuby is a 100% Java implementation of the Ruby programming language. It is Ruby for the JVM. JRuby provides a complete set of core \"builtin\" classes and syntax for the Ruby language, as well as most of the Ruby Standard Libraries.\r\n\r\nSecurity Fix(es):\r\n\r\nA ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.(CVE-2023-28756)",
  "cves": [
    {
      "id": "CVE-2023-28756",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28756",
      "severity": "Medium"
    }
  ]
}