PT-2023-18703 · Globalid+5 · Globalid+5

Ooooooo_Q

Publicado

2023-01-18

Atualizado

2026-03-16

CVE-2023-22799

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions GlobalID versions 0.2.1 through 1.0.0 Rails versions 7.0.0 through 7.0.4

Description A ReDoS based DoS vulnerability in GlobalID could allow an attacker to cause the regular expression engine to take an unexpected amount of time with a carefully crafted input. In Rails, there is a possible open redirect when using the redirect to helper with untrusted user input, which could be bypassed by a carefully crafted URL.

Recommendations For GlobalID versions 0.2.1 through 1.0.0, upgrade to version 1.0.1. For Rails versions 7.0.0 through 7.0.4, upgrade to version 7.0.4.1. As a temporary workaround for Rails, consider validating user input for the redirect to helper to prevent open redirects.

Exploit

Correção

DoS

Open Redirect

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-1333CWE-601CWE-400

Identificadores relacionados

ALT-PU-2025-1938

BDU:2023-07160

CVE-2023-22799

GHSA-23C2-GWP5-PXW9

GHSA-9445-4CR6-336R

OESA-2023-1100

OESA-2023-1101

OESA-2023-1102

OESA-2023-1112

OPENSUSE-SU-2023_0328-1

OPENSUSE-SU-2024:12648-1

OPENSUSE-SU-2024:13156-1

OPENSUSE-SU-2024:14168-1

OPENSUSE-SU-2025:15116-1

OPENSUSE-SU-2026:10347-1

RHSA-2023:6818

RLSA-2023:6818

SUSE-SU-2023:0328-1

SUSE-SU-2023_0328-1

Produtos afetados

Alt Linux

Debian

Globalid

Rails

Rocky Linux

Suse

PT-2023-18703 · Globalid+5 · Globalid+5

CVE-2023-22799

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 49