VulnerableCode Package Details

Search for packages

Vulnerability	Summary	Fixed by
VCID-ajtx-8w3u-rkae Aliases: CVE-2023-36617 GHSA-hww2-5g85-429m	URI gem has ReDoS vulnerability A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with `rfc2396_parser.rb` and `rfc3986_parser.rb`. NOTE: this issue exists becuse of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version. [The Ruby advisory recommends](https://www.ruby-lang.org/en/news/2023/06/29/redos-in-uri-CVE-2023-36617/) updating the uri gem to 0.12.2. In order to ensure compatibility with the bundled version in older Ruby series, you may update as follows instead: - For Ruby 3.0: Update to uri 0.10.3 - For Ruby 3.1 and 3.2: Update to uri 0.12.2. You can use gem update uri to update it. If you are using bundler, please add gem `uri`, `>= 0.12.2` (or other version mentioned above) to your Gemfile.	0.11.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 0.12.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-uxdx-abx7-fkdy Aliases: CVE-2023-28755 GHSA-hv5j-3h9f-99c2	Ruby URI component ReDoS issue A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.	0.11.1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 0.12.1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-ajtx-8w3u-rkae
Aliases:
CVE-2023-36617
GHSA-hww2-5g85-429m

URI gem has ReDoS vulnerability A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with `rfc2396_parser.rb` and `rfc3986_parser.rb`. NOTE: this issue exists becuse of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version. [The Ruby advisory recommends](https://www.ruby-lang.org/en/news/2023/06/29/redos-in-uri-CVE-2023-36617/) updating the uri gem to 0.12.2. In order to ensure compatibility with the bundled version in older Ruby series, you may update as follows instead: - For Ruby 3.0: Update to uri 0.10.3 - For Ruby 3.1 and 3.2: Update to uri 0.12.2. You can use gem update uri to update it. If you are using bundler, please add gem `uri`, `>= 0.12.2` (or other version mentioned above) to your Gemfile.

0.11.2
Affected by 2 other vulnerabilities.

0.12.2
Affected by 2 other vulnerabilities.

VCID-uxdx-abx7-fkdy
Aliases:
CVE-2023-28755
GHSA-hv5j-3h9f-99c2

Ruby URI component ReDoS issue A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.

0.11.1
Affected by 4 other vulnerabilities.

0.12.1
Affected by 4 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T15:18:17.979166+00:00	Ruby Importer	Affected by	VCID-uxdx-abx7-fkdy	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2023-28755.yml	38.0.0
2026-04-01T15:18:17.872979+00:00	Ruby Importer	Affected by	VCID-ajtx-8w3u-rkae	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2023-36617.yml	38.0.0

2026-04-01T15:18:17.979166+00:00

Ruby Importer

Affected by

VCID-uxdx-abx7-fkdy

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2023-28755.yml

38.0.0

2026-04-01T15:18:17.872979+00:00

Ruby Importer

Affected by

VCID-ajtx-8w3u-rkae

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2023-36617.yml

38.0.0

purl	pkg:gem/uri@0.11
Tags	Ghost

Next non-vulnerable version	0.12.5
Latest non-vulnerable version	1.0.4
Risk	4.0