VulnerableCode Package Details - pkg:deb/debian/ruby3.1@0?distro=bookworm

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-ajtx-8w3u-rkae	URI gem has ReDoS vulnerability A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with `rfc2396_parser.rb` and `rfc3986_parser.rb`. NOTE: this issue exists becuse of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version. [The Ruby advisory recommends](https://www.ruby-lang.org/en/news/2023/06/29/redos-in-uri-CVE-2023-36617/) updating the uri gem to 0.12.2. In order to ensure compatibility with the bundled version in older Ruby series, you may update as follows instead: - For Ruby 3.0: Update to uri 0.10.3 - For Ruby 3.1 and 3.2: Update to uri 0.12.2. You can use gem update uri to update it. If you are using bundler, please add gem `uri`, `>= 0.12.2` (or other version mentioned above) to your Gemfile.	CVE-2023-36617 GHSA-hww2-5g85-429m
VCID-trka-k7zz-bkh3	REXML has DoS condition when parsing malformed XML file The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities.	CVE-2025-58767 GHSA-c2f4-jgmc-q2r5

Vulnerability

Summary

Aliases

VCID-ajtx-8w3u-rkae

URI gem has ReDoS vulnerability A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with `rfc2396_parser.rb` and `rfc3986_parser.rb`. NOTE: this issue exists becuse of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version. [The Ruby advisory recommends](https://www.ruby-lang.org/en/news/2023/06/29/redos-in-uri-CVE-2023-36617/) updating the uri gem to 0.12.2. In order to ensure compatibility with the bundled version in older Ruby series, you may update as follows instead: - For Ruby 3.0: Update to uri 0.10.3 - For Ruby 3.1 and 3.2: Update to uri 0.12.2. You can use gem update uri to update it. If you are using bundler, please add gem `uri`, `>= 0.12.2` (or other version mentioned above) to your Gemfile.

CVE-2023-36617
GHSA-hww2-5g85-429m

VCID-trka-k7zz-bkh3

REXML has DoS condition when parsing malformed XML file The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities.

CVE-2025-58767
GHSA-c2f4-jgmc-q2r5

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:38:37.723728+00:00	Debian Importer	Fixing	VCID-ajtx-8w3u-rkae	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:40:09.363163+00:00	Debian Importer	Fixing	VCID-trka-k7zz-bkh3	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T07:56:01.978936+00:00	Debian Importer	Fixing	VCID-ajtx-8w3u-rkae	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:49:38.245291+00:00	Debian Importer	Fixing	VCID-trka-k7zz-bkh3	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:52:25.327878+00:00	Debian Importer	Fixing	VCID-trka-k7zz-bkh3	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:52:25.114691+00:00	Debian Importer	Fixing	VCID-ajtx-8w3u-rkae	https://security-tracker.debian.org/tracker/data/json	38.1.0