Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/uri@0.12.1

Type gem

Namespace

Name uri

Version 0.12.1

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 0.12.2

Latest_non_vulnerable_version 1.0.4

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-v5r6-nhe3-87dz

vulnerability_id VCID-v5r6-nhe3-87dz

summary

Ruby URI component ReDoS issue
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.

references

reference_url	https://github.com/ruby/uri
reference_id
reference_type
scores
url	https://github.com/ruby/uri

reference_url	https://github.com/ruby/uri/releases
reference_id
reference_type
scores
url	https://github.com/ruby/uri/releases

reference_url	https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html

reference_url	https://lists.debian.org/debian-lts-announce/2024/09/msg00000.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2024/09/msg00000.html

reference_url	https://lists.debian.org/debian-lts-announce/2025/05/msg00015.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2025/05/msg00015.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27LUWREIFTP3MQAW7QE4PJM4DPAQJWXF
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27LUWREIFTP3MQAW7QE4PJM4DPAQJWXF

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QA6XUKUY7B5OLNQBLHOT43UW7C5NIOQQ
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QA6XUKUY7B5OLNQBLHOT43UW7C5NIOQQ

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27LUWREIFTP3MQAW7QE4PJM4DPAQJWXF
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27LUWREIFTP3MQAW7QE4PJM4DPAQJWXF

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z

reference_url	https://security.gentoo.org/glsa/202401-27
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/202401-27

reference_url	https://security.netapp.com/advisory/ntap-20230526-0003
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20230526-0003

reference_url	https://www.ruby-lang.org/en/downloads/releases
reference_id
reference_type
scores
url	https://www.ruby-lang.org/en/downloads/releases

reference_url	https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released
reference_id
reference_type
scores
url	https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released

reference_url	https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755
reference_id
reference_type
scores
url	https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-28755
reference_id	CVE-2023-28755
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-28755

reference_url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2023-28755.yml
reference_id	CVE-2023-28755.YML
reference_type
scores
url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2023-28755.yml

reference_url	https://github.com/advisories/GHSA-hv5j-3h9f-99c2
reference_id	GHSA-hv5j-3h9f-99c2
reference_type
scores
url	https://github.com/advisories/GHSA-hv5j-3h9f-99c2

fixed_packages

url	pkg:gem/uri@0.10.0.1
purl	pkg:gem/uri@0.10.0.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/uri@0.10.0.1

url	pkg:gem/uri@0.10.2
purl	pkg:gem/uri@0.10.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/uri@0.10.2

url	pkg:gem/uri@0.11.1
purl	pkg:gem/uri@0.11.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/uri@0.11.1

url	pkg:gem/uri@0.12.1
purl	pkg:gem/uri@0.12.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/uri@0.12.1

aliases CVE-2023-28755, GHSA-hv5j-3h9f-99c2

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v5r6-nhe3-87dz

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/uri@0.12.1

Package Instance