PT-2023-5396 · Redcloth+4 · Redcloth+4
Merbinro
·
Publicado
2023-06-06
·
Atualizado
2024-01-10
·
CVE-2023-31606
CVSS v2.0
7.8
Alta
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
RedCloth gem version 4.0.0
Description
A Regular Expression Denial of Service (ReDoS) issue was discovered in the
sanitize html function. This issue allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. The vulnerability is related to the use of a regular expression with inefficient computational complexity, which can be exploited by a remote attacker to cause a service disruption.Recommendations
For RedCloth gem version 4.0.0, consider disabling the
sanitize html function until a patch is available to prevent potential Denial of Service (DoS) attacks.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
DoS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Astra Linux
Debian
Linuxmint
Redcloth
Ubuntu