{"url":"http://public2.vulnerablecode.io/api/packages/64488?format=json","purl":"pkg:gem/uri@0.12.1","type":"gem","namespace":"","name":"uri","version":"0.12.1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"0.12.2","latest_non_vulnerable_version":"1.0.4","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44817?format=json","vulnerability_id":"VCID-v5r6-nhe3-87dz","summary":"Ruby URI component ReDoS issue\nA ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.","references":[{"reference_url":"https://github.com/ruby/uri","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ruby/uri"},{"reference_url":"https://github.com/ruby/uri/releases","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ruby/uri/releases"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00000.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00000.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00015.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00015.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27LUWREIFTP3MQAW7QE4PJM4DPAQJWXF","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27LUWREIFTP3MQAW7QE4PJM4DPAQJWXF"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QA6XUKUY7B5OLNQBLHOT43UW7C5NIOQQ","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QA6XUKUY7B5OLNQBLHOT43UW7C5NIOQQ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27LUWREIFTP3MQAW7QE4PJM4DPAQJWXF","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27LUWREIFTP3MQAW7QE4PJM4DPAQJWXF"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WMIOPLBAAM3FEQNAXA2L7BDKOGSVUT5Z"},{"reference_url":"https://security.gentoo.org/glsa/202401-27","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202401-27"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230526-0003","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20230526-0003"},{"reference_url":"https://www.ruby-lang.org/en/downloads/releases","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/downloads/releases"},{"reference_url":"https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released"},{"reference_url":"https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28755","reference_id":"CVE-2023-28755","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28755"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2023-28755.yml","reference_id":"CVE-2023-28755.YML","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2023-28755.yml"},{"reference_url":"https://github.com/advisories/GHSA-hv5j-3h9f-99c2","reference_id":"GHSA-hv5j-3h9f-99c2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hv5j-3h9f-99c2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64491?format=json","purl":"pkg:gem/uri@0.10.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/uri@0.10.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/64490?format=json","purl":"pkg:gem/uri@0.10.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/uri@0.10.2"},{"url":"http://public2.vulnerablecode.io/api/packages/64489?format=json","purl":"pkg:gem/uri@0.11.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/uri@0.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/64488?format=json","purl":"pkg:gem/uri@0.12.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/uri@0.12.1"}],"aliases":["CVE-2023-28755","GHSA-hv5j-3h9f-99c2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v5r6-nhe3-87dz"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/uri@0.12.1"}