PT-2023-18703 · Globalid+5

Ooooooo_Q

Published 2023-01-18 · Updated 2026-03-16

CVE-2023-22799

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
GlobalID versions 0.2.1 through 1.0.0
Rails versions 7.0.0 through 7.0.4

Description
A ReDoS-based DoS vulnerability in GlobalID could allow an attacker to make the regular expression engine take an unexpectedly long time to process a carefully crafted input. In Rails, there is a possible open redirect when the redirect_to helper is used with untrusted user input; the protection could be bypassed by a carefully crafted URL.

Recommendations
For GlobalID versions 0.2.1 through 1.0.0, upgrade to version 1.0.1. For Rails versions 7.0.0 through 7.0.4, upgrade to version 7.0.4.1. As a temporary workaround for Rails, validate user input passed to the redirect_to helper to prevent open redirects.

Exploit · Fix · DoS · Open Redirect · Resource Exhaustion


Related Identifiers

ALT-PU-2025-1938
BDU:2023-07160
CVE-2023-22799
GHSA-23C2-GWP5-PXW9
GHSA-9445-4CR6-336R
OESA-2023-1100
OESA-2023-1101
OESA-2023-1102
OESA-2023-1112
OPENSUSE-SU-2023_0328-1
OPENSUSE-SU-2024:12648-1
OPENSUSE-SU-2024:13156-1
OPENSUSE-SU-2024:14168-1
OPENSUSE-SU-2025:15116-1
OPENSUSE-SU-2026:10347-1
RHSA-2023:6818
RLSA-2023:6818
SUSE-SU-2023:0328-1
SUSE-SU-2023_0328-1

Affected Products

Alt Linux
Debian
Globalid
Rails
Rocky Linux
Suse